iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 27404:2025

(Main)

Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT

Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT

This document defines a cybersecurity labelling framework for the development and implementation of cybersecurity labelling programmes for consumer Internet of things (IoT) products. It provides requirements and guidance on the following topics: — risks and threats associated with consumer IoT products; — stakeholders, roles and responsibilities; — relevant standards and guidance documents; — conformity assessment; — labelling issuance and maintenance; — mutual recognition. This document is limited to consumer IoT products, such as: — IoT gateways, base stations and hubs to which multiple devices connect; smart cameras, televisions, and speakers; — wearable devices; — connected smoke detectors, door locks and window sensors; — connected home automation and alarm systems; — connected appliances, such as washing machines and fridges; — smart home assistants; and — connected children’s toys and baby monitors. Products that are not intended for consumer use are excluded from this document. Examples of excluded devices are those that are primarily intended for manufacturing, healthcare and other industrial purposes. This document is applicable to consumers, developers, issuing bodies of cybersecurity labels and conformity assessment bodies.

Cybersécurité — Sécurité et protection de la vie privée pour l'IDO — Cadre d'étiquetage de cybersécurité pour l'IDO grand public

General Information

Status
Published
Publication Date
16-Oct-2025
ICS
35.030 - IT Security
35.240.95 - Internet applications
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Current Stage
6060 - International Standard published
Start Date
17-Oct-2025
Due Date
03-Feb-2026
Completion Date
17-Oct-2025
Ref Project
ISO/IEC 27404:2025 - Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT Released:10/17/2025ISO/IEC 27404:2025 - Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT Released:10/17/2025
PreviousNext
Standard
ISO/IEC 27404:2025 - Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT Released:10/17/2025
English language
63 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 27404
First edition
Cybersecurity — IoT security and
2025-10
privacy — Cybersecurity labelling
framework for consumer IoT
Cybersécurité — Sécurité et protection de la vie privée pour l'IDO
— Cadre d'étiquetage de cybersécurité pour l'IDO grand public
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Overview of cybersecurity labelling for consumer IoT . 5
5.1 Cybersecurity labelling for consumer IoT .5
5.2 Guiding principles .5
5.3 Programme objectives .6
5.4 Threats and risks to consumer IoT products .6
5.4.1 General .6
5.4.2 Assumptions .6
5.4.3 Risk considerations and high-level categories .7
5.4.4 Security threats and risks .7
5.4.5 Privacy threats and risks.8
5.5 Relevant standards and guidance documents .9
6 International alignment through a cybersecurity labelling framework . 9
6.1 Objectives for international alignment .9
6.2 Determination of cybersecurity requirements through relevant standards and
guidance documents . .9
7 Requirements and guidance for the components of the cybersecurity labelling
framework for consumer IoT .10
7.1 General .10
7.2 Requirements for the cybersecurity labelling framework components .10
7.3 Guidance on the core components of cybersecurity labelling framework .11
7.4 Guidance on key stakeholders’ roles and responsibilities . 12
7.5 Guidance on binary and multi-level labelling schemes . 13
7.5.1 General . 13
7.5.2 Binary versus multi-level labelling schemes . 13
7.5.3 Basis for levels .14
7.6 Guidance on mutual- and cross-recognition .14
7.6.1 General .14
7.6.2 Benefits .14
7.6.3 Equivalency determination . 15
7.7 Guidance on conformity assessment . 15
7.7.1 General . 15
7.7.2 Assessment activities considerations . 15
7.8 Guidance on implementation considerations .16
8 Requirements and guidance for labelling issuance and maintenance for consumer IoT .16
8.1 General .16
8.2 Requirements for labelling issuance and maintenance for consumer IoT .17
8.3 Guidance on acceptance criteria and validation of application .17
8.4 Guidance on label validity .18
8.4.1 Scope of validity .18
8.4.2 Recommendations for labelled consumer IoT products during validity period .18
8.5 Guidance on surveillance and monitoring .18
8.6 Guidance on label maintenance and lifecycle of consumer IoT .19
8.7 Guidance on renewal of labels .19
8.8 Guidance on revocation of labels .19
8.9 Guidance on change of underlying standard . 20
8.10 Guidance on label design and characteristics. 20

© ISO/IEC 2025 – All rights reserved
iii
8.10.1 General . 20
8.10.2 Label design . 20
8.10.3 Label characteristics.21
Annex A (informative) Types and features of cybersecurity labels .22
Annex B (informative) Illustrative examples of multi-level labelling schemes .25
Annex C (informative) Illustrative examples of binary labelling schemes .34
Annex D (informative) Determination of equivalency among labelling schemes .39
Annex E (informative) Examples of cybersecurity baseline provisions . 47
Annex F (informative) Examples of security-by-design provisions .58
Annex G (informative) Examples of privacy assessment requirements .60
Bibliography .62

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 23000-22:2025/Amd 1:2025(Amendment)
Information technology — Multimedia application format (MPEG-A) — Part 22: Multi-image application format (MIAF) — Amendment 1: Implementation based technologies for MIAF
  • Standard
    3 pages
    English language
    sale 15% off
ISO
ISO 15087:2025(Main)
Dentistry — Dental elevators

This document specifies general requirements and test methods for metallic dental elevators. In addition, it specifies dimensional requirements for specific types of dental elevators such as Warwick James elevators, Cryer elevators, Coupland elevators, Bein elevators and Flohr elevators.

  • Standard
    12 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO 16075-7:2025(Main)
Guidelines for treated wastewater use for irrigation projects — Part 7: Golf courses and other sports fields

This document provides guidelines for the use of treated wastewater (TWW) and treated greywater (TGW) for the irrigation of golf courses and other outdoor sports fields. This document covers aspects for the irrigation of turfgrass in golf courses and other sports fields, including: — public health aspects; — agronomic aspects. Additionally, this document provides guidance for the recovery and treatment of water from swimming pool operations for the irrigation of sports fields. NOTE This document is not intended to be used for certification purposes.

  • Standard
    13 pages
    English language
    sale 15% off
  • Standard
    16 pages
    French language
    sale 15% off
ISO
ISO 15076-1:2025(Main)
Image technology colour management — Architecture, profile format and data structure — Part 1: Based on ICC.1:2022

This document specifies a colour profile format and describes the architecture within which it can operate. This architecture supports the exchange of information which specifies the intended colour image processing of digital data. The required reference colour spaces and the data structures (tags) are also specified.

  • Standard
    111 pages
    English language
    sale 15% off
ISO
ISO 7726:2025(Main)
Ergonomics of the thermal environment — Instruments for measuring and monitoring physical quantities

This document specifies the minimum characteristics of instruments for measuring physical quantities characterizing an environment, as well as the methods for measuring the physical quantities of this environment.

  • Standard
    49 pages
    English language
    sale 15% off
  • Standard
    51 pages
    French language
    sale 15% off
ISO
ISO 23300-2:2025(Main)
Railway infrastructure — Rail welding — Part 2: Aluminothermic welding

This document specifies the requirements on rail aluminothermic welding, including the requirements for approval process, laboratory tests, approval of welder and contractor, as well as the acceptance criteria of aluminothermic welds in track. This document concerns the welding of 43 kg/m to 75 kg/m new vignole rails of the same profiles and the same grades. This document is restricted to butt welding for connecting rail ends. NOTE Conformity with the requirements of this document does not ensure the suitability of a welding process for specific conditions of track and traffic. This document does not cover welds made between different rail sections, differently worn rails or different rail grades.

  • Standard
    39 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO/IEC 24791-5:2025(Main)
Information technology — Radio frequency identification for item management software system infrastructure — Part 5: Device interface

This document specifies an interface within the software system infrastructure (SSI) that provides radio frequency identification (RFID) system control components with low-level access to RFID interrogators for the purpose of optimizing RFID data access and control operations. This interface is designed to be modular with the ability to support multiple RFID air protocols. However, in this document, the only RFID air protocol supported is ISO/IEC 18000-63:2021.

  • Standard
    18 pages
    English language
    sale 15% off
ISO
ISO 31657-3:2025(Main)
Plain bearings — Hydrodynamic plain journal bearings under steady-state conditions — Part 3: Characteristic values for calculation of tilting pad journal bearings

This document specifies the characteristic values for selected tilting-pad journal bearings with four or five centrally or eccentrically supported tilting pads, and with angular spans of pad sliding surfaces of Ω = 80°, 60° and 45°.

  • Standard
    73 pages
    English language
    sale 15% off
ISO
ISO 31657-2:2025(Main)
Plain bearings — Hydrodynamic plain journal bearings under steady-state conditions — Part 2: Characteristic values for calculation of multilobed journal bearings

This document specifies the characteristic values for selected two-, three- and four-lobe bearings.

  • Standard
    67 pages
    English language
    sale 15% off