British Standards Institution

Source:: CENELEC
Committee:: GEL/65/3 - Industrial Networks
Categories:: Information management | Standardization. General rules
Comment period start date:: 29/08/2025
Comment period end date:: 25/09/2025

Comment by:

25th Sep

Scope

This European Standard provides a security profile for products with digital elements with the function of virtual private network (VPN). It provides a defined subset of IEC 62443 requirements applicable to products with digital elements with the function of VPN intended to be used in OT environments.

Purpose

The Cyber Resilience Act (CRA) lists products with digital elements with the function of virtual private network (VPN) in its Annex III “important products with digital elements”, under Class 1. This is why manufacturers require harmonized standards covering this product category to facilitate the placing of such products in the EU market after the CRA date of applicability. Hence, the development of harmonized standards for products with digital elements with the function of VPN is explicitly requested in the CRA standardization request. In an OT environment, products with digital elements with the function of VPN have specific requirements and needs that differ from IT environments. This is why, CLC/TC 65X proposes to standardize products with digital elements with the function of VPN that are intended to be used in OT environments. This project is proposed as a preliminary work item (PWI) for the following reasons: • The target dates for the development of this standard are not known yet, as the priority is given to the modifications of EN IEC 62443-4-2 in support of the CRA standardization request. The aim is to activate this PWI in a later stage. • It is however important to list this project in CLC/TC 65X work programme as a PWI to inform relevant stakeholders (European Commission, economic operators) about CLC/TC 65X intentions. Note: this PWI corresponds to the item 20 of the CRA standardization request, Annex I (M/606)

Comment on proposal

Required form fields are indicated by an asterisk (*) character.

How important do you think standardization is in this area? *

Do you agree that a standard on this subject is feasible?: *

Please give reasons for your selections above: *

Would you or your organization use the standard? *

Would you or your organization be prepared to participate in the development of the standard or to comment on the draft when it is available? *

Are you aware of any regulation, existing standards and other good practice information in this area in the UK (e.g. Industry codes of practice; company specifications, international or European Standards)? *

Would the development of a standard(s) in this area have a particular impact/relevance to SME, consumer, environmental or societal interests? *

Are you aware of any other organizations to which this proposal may be relevant? If so please provide details below. *

Additional comments on the scope or proposal:

Although BSI will not usually enter into correspondence regarding individual comments or suggestions we may wish to contact you to seek further clarification. Please indicate whether this will be acceptable: *

Discard

Please email further comments to: debbie.stead@bsigroup.com

Standard timeline

1. Proposal

Proposal start date:

29/08/2025

Proposal end date:

25/09/2025

2. Draft

3. Public Comments

4. Comment Resolution

5. Approval

6. Publication

Learn more about the standards development process

Standards Development

New Work Item Proposal prEN 50XXX Security for Operational Technologies - Part 4: Security Profile for products with digital elements with the function of virtual private network (VPN)

Scope

Purpose

Comment on proposal

Discard changes?

Submit comment

Submit comment

Follow standard

Unfollow standard

Error