今天的行動有助於確保電子設備測試的完整性、安全性和互惠性。直到 2015 年，FCC 僅允許在美國或與美國簽署了互惠承認協議 (MRA) 的外國國家/地區進行設備測試和認證，以確保互惠待遇。今天通過的新規定和擬議規定旨在恢復並改進這項成功的政策，以加強 FCC 的監督和執法，強化 FCC 設備授權流程的可靠性和完整性，並優先考慮國家安全。

今天通過的擬議規則制定通知將徵求對擬議禁令的意見，該禁令禁止承認在沒有與美國簽署 MRA 或其他可比互惠貿易協議的國家/地區的任何測試實驗室和認證機構。根據這項提案，這些實驗室將在任何最終規則通過並實施後的兩年內逐步淘汰。

此外，FCC 通過了一項命令，為在受信任測試實驗室（即位於美國或互惠國際地點的實驗室）中測試的設備創建了快速通道優先審查流程。該命令還將採取一系列其他措施，以促進設備授權系統的完整性：要求披露參與 FCC 認可測試的員工地點和數量，改進 FCC 的上市後監管程序，加強執法機制，並為行業參與者建立機密報告渠道，以提出對違規行為或國家安全威脅的擔憂。

今天的行動是繼去年 FCC 通過規則，禁止承認由外國敵對勢力擁有或控制的測試實驗室和認證機構之後的。自這些規則通過以來，FCC 已採取行動撤銷或拒絕承認 23 個威脅美國國家安全的「不良實驗室」。

委員會於 2026 年 4 月 30 日通過了第二份報告和命令、重新考慮命令以及第二份進一步擬議規則制定 (FCC 26-28)。主席 Carr、委員 Gomez 和 Trusty 批准。主席 Carr 和委員 Trusty 發布了單獨的聲明。

原文件參考：

如有任何問題，歡迎聯繫我們
電郵：Charles.liao@theonelab.co
電話：(02)8601-2828

The post FCC 擬禁止在未簽署互惠協議的國家/地區實驗室進行電子設備測試 first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

Today’s actions help ensure integrity, security, and reciprocity in electronic device testing. Until 2015, the FCC only allowed device testing and certification in the U.S. or foreign countries with Mutual Recognition Agreements (MRA) with the U.S., guaranteeing reciprocal treatment. The new rules and the proposed rules adopted today look to restore – and improve upon – this successful policy in order to bolster FCC oversight and enforcement, strengthen the reliability and integrity of the FCC’s equipment authorization process, and prioritize national security.

The Notice of Proposed Rulemaking adopted today will seek comment on the proposed prohibition of recognizing any test labs and certification bodies in countries that lack either an MRA with the U.S. or other comparable reciprocal trade agreement. Under this proposal, these labs would be phased out over two years after any final rules were adopted and implemented.

In addition, the FCC adopted an Order to create a fast-track priority review process for devices tested in trusted test labs – namely those located in the United States or reciprocal international locations. The Order would also adopt a range of other measures to promote the integrity of the equipment authorization system: require the disclosure of the location and number of employees engaged in FCC-recognized testing, improve the FCC’s post-market surveillance procedures, strengthen enforcement mechanisms, and establish confidential reporting channels for industry participants to raise concerns about violations or national security threats.

Today’s action follows last year’s FCC adoption of rules to prohibit the recognition of test labs and certification bodies owned or controlled by foreign adversaries. Since those rules were adopted, the FCC has taken action to withdraw recognition from, or deny recognition to, twenty-three “Bad Labs” that threatened U.S. national security.

Action by the Commission April 30, 2026 by Second Report and Order, Order on Reconsideration, and Second Further Notice of Proposed Rulemaking (FCC 26-28). Chairman Carr, Commissioners Gomez and Trusty approving. Chairman Carr and Commissioner Trusty issuing separate statements.

Reference please check the below:

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

The post 【FCC】FCC Looks to Prohibit Electronic Device Testing Using Labs in CountriesWithout Reciprocal Agreements first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

The regulation officially entered into force in 2024 and will be implemented in phases over the next few years. Businesses that develop or use AI-related products are encouraged to start paying attention to the timeline and potential impact.

📅 Key Timeline (Simplified)

2024

• August 1, 2024 – Regulation enters into force
• Transition period begins (approx. 2 years)

👉 At this stage:
Preparation phase. Most obligations are not yet enforced.

2025 (First wave of enforcement)

• February 2, 2025 – Prohibited AI practices banned
  • Examples: social scoring, manipulative AI systems

👉 In short:
The most harmful AI uses are banned first

• August 2, 2025 – Generative AI requirements begin
  • Transparency obligations
  • Disclosure of training data (where applicable)
  • Copyright compliance

👉 Focus:
General-purpose AI (e.g. ChatGPT-like models) comes under regulation

⭐⭐2026 (Main obligations apply)

• August 2, 2026 – Most AI rules become fully applicable
  • High-risk AI requirements (risk management, documentation, testing, etc.)

👉 This is the key milestone for most businesses

2027 (Extended deadlines for certain sectors)

• Additional time for AI embedded in regulated products
  (e.g. medical devices, machinery)

👉 Industry-specific AI may have longer timelines

🧭 What Should Businesses Do?

You should start paying attention if your product or service:

• Uses AI (e.g. recommendation systems, chatbots, image recognition)
• Integrates generative AI tools
• Impacts decision-making, safety, or user rights
  (e.g. finance, hiring, healthcare)

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

The post 【EU】EU AI Act: Key Timeline for Businesses Using AI first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

For single cells or battery systems used in these products that comply with CNS 62619 or CNS 63056 and have obtained a Voluntary Product Certification (VPC) certificate issued by BSMI, such certificate may serve as proof of conformity for the single cells or battery systems.

For products with composite or multiple functions that fall within the scope of mandatory inspection, they must comply with the relevant inspection standards and the requirements of the registration of product certification scheme.

The post 【BSMI】Household Energy Storage Equipment Will Be Subject to Mandatory Inspection Starting July 1, 2026. first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

Use this checklist to ensure your packaging labels are 100% compliant before shipping:

1. General Labeling Specifications

• Placement: The ISI mark and required details must be prominently displayed on the individual product box.
• Durability: All markings must be legible and indelible (resistant to fading or removal).
• Font Size: To meet regulatory visibility standards, a minimum font size of Arial 6 is required.

2. Mandatory Information Checklist

Each label must include the following four elements:

1. License Number: Your unique BIS-assigned number (e.g., CM/L-XXXXXXX).
2. Date of Manufacture: Clearly stated month and year of production.
3. Manufacturer Details: Full legal name and physical address of the manufacturing facility.
4. Official BIS Disclaimer: The following specific text must be included: “For BIS Certification details please visit www.bis.gov.in”.
   

Example label as below:

💡 Pro-Tip from THE ONE for Exporters

Failure to include the correct CM/L number or the mandatory website disclaimer is one of the most common reasons for customs delays in India. We recommend a pre-shipment label audit to ensure all technical specifications meet the BIS Footwear Quality Control Order (QCO) requirements.

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

The post 【India ISI】India BIS Footwear Labeling Guide: ISI Mark Compliance Checklist first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

For manufacturers and stakeholders in the IoT ecosystem, this announcement marks a pivotal transition towards standardized cybersecurity labeling in the U.S. market:

1. Advancing Implementation: As the Lead Administrator, ioXt will collaborate with the FCC to finalize the program’s implementation, focusing on consumer outreach and label finalization.
2. Defining Standards & Testing: ioXt is tasked with recommending additional cybersecurity standards and technical testing procedures to the Commission. This will directly influence how IoT products are evaluated for the Cyber Trust Mark.
3. Focus on National Security: Under Chairman Brendan Carr, the program places a significant emphasis on national and cyber security, ensuring that products entering American homes meet robust safety criteria.

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

The post 【US-FCC】FCC Names ioXt Alliance as Lead Administrator for U.S. Cyber Trust Mark Program first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

As the European Union moves toward the full implementation of the Cyber Resilience Act (CRA), the European Commission has clarified the mandatory reporting obligations for products with digital elements. Starting September 11, 2026, manufacturers must comply with rigorous timelines for reporting actively exploited vulnerabilities and severe security incidents.

1. The “24-Hour” Compliance Challenge

Under the CRA, the window for reporting is exceptionally narrow. Manufacturers must implement a multi-stage notification process:

• Early Warning (24 Hours): Within 24 hours of becoming aware of an actively exploited vulnerability or a severe incident, an initial alert must be submitted.
• Full Notification (72 Hours): A detailed analysis of the incident/vulnerability must follow the early warning.
• Final Report: For vulnerabilities, a report is due 14 days after a corrective measure (patch) is available; for severe incidents, the deadline is one month.

2. Centralized Compliance via the Single Reporting Platform (SRP)

To streamline the process, ENISA is developing the CRA Single Reporting Platform (SRP).

• One-Stop Reporting: Manufacturers will report only once through the SRP. The notification is automatically routed to the relevant Computer Security Incident Response Team (CSIRT) and ENISA simultaneously.
• Operational Timeline: The platform will be fully operational by September 11, 2026. A testing phase will precede the launch, allowing manufacturers to dry-run their reporting pipelines.

3. Critical Implications for Product Certification

From a certification perspective, “Compliance” now extends beyond the physical product to the manufacturer’s operational lifecycle:

• Vulnerability Management Audits: During the conformity assessment process, manufacturers must demonstrate they have the internal infrastructure to detect and report incidents within the 24-hour threshold.
• SBOM and Supply Chain Transparency: Rapid reporting is impossible without a comprehensive Software Bill of Materials (SBOM). Certification will increasingly depend on a manufacturer’s ability to map their software supply chain accurately.
• Cross-Border Information Sharing: While information is generally shared across EU member states immediately, a delegated act adopted in December 2025 allows CSIRTs to delay dissemination under specific cybersecurity grounds to prevent further exploitation.

如有任何問題，歡迎聯繫我們
電郵：Charles.liao@theonelab.co
電話：(02)8601-2828

The post 【EU CRA】 Reporting Guide: Mandatory 24-Hour Notification Starts September 11, 2026 first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

一、 嚴苛的「24小時」通報時效

CRA 要求製造商在發現「已被積極利用的漏洞（Actively Exploited Vulnerabilities）」或「嚴重安全事故」時，必須履行階梯式通報義務：

• 24小時內： 提交「早期預警（Early Warning）」。
• 72小時內： 提交「完整通知（Full Notification）」。
• 最終報告： 對於漏洞，須在採取修正措施後 14 天內提交；對於事故，則須在 1 個月內提交報告。

二、 單一通報平台（SRP）正式定案

為簡化流程，歐盟網路暨資訊安全局（ENISA）正在開發**「CRA 單一通報平台（Single Reporting Platform, SRP）」**。

• 製造商只需透過該平台通報一次，資訊將自動分發至該企業主要據點國家的電腦安全事件應變小組（CSIRT）及 ENISA。
• 該平台預計於 2026 年 9 月 11 日前正式啟用，在此之前將進行測試。這代表企業必須在未來 18 個月內，將其內部的漏洞監測與通報系統與此外部平台完成對接。

三、 對認證體系與製造商的影響

身為認證服務供應商，我們觀察到 CRA 不僅是「事後通報」，更強調「事前合規」：

1. 漏洞監控能力： 企業若無法證明其具備 24 小時內的偵測與反應能力，將難以通過產品的安全性符合性評估（Conformity Assessment）。
2. 供應鏈透明度： 製造商必須對其產品中所使用的軟體元件（SBOM）有完整掌握，才能在漏洞發生時迅速判斷是否屬於通報範圍。
3. 區域分發限制： 在特殊情況下，若擴散資訊可能威脅網路安全，CSIRT 有權延遲向其他成員國分發通報資訊（依據 2025 年 12 月通過的授權法案）。

如有任何問題，歡迎聯繫我們
電郵：Charles.liao@theonelab.co
電話：(02)8601-2828

The post 【EU CRA】歐盟 CRA 網路韌性法案通報機制將於 2026 年 9 月 11 日上路 first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

1. Transition to “Annual Advance Payment” System 

The new regulations mandate that fees for the grant, renewal, and maintenance of licences must be paid annually in advance before the due date.

Crucially, the Production Statement must now be submitted simultaneously with the annual fee payment.

2. Stringent Penalties: Automatic Suspension and Cancellation 

BIS has implemented a more rigorous enforcement mechanism for non-compliance with payment schedules:

• Immediate Suspension: Failure to pay by the due date will result in an automatic 90-day suspension of the licence.
• Reinstatement Fee: To revoke a suspension, the licensee must pay the outstanding dues plus a late fee of INR 5,000.
• Removal of Notice Period: For suspensions or cancellations caused by non-payment, the standard 21-day prior notice period no longer applies.

3. Extension of Licence Validity 

To streamline administrative processes, the initial grant and subsequent renewal periods for licences under Scheme-I, Scheme-II, and Scheme-X have been extended to a maximum of 5 years.

4. “Scheme-II”: A Registration Process Based on Self-Declaration

This amendment provides a detailed definition of Scheme-II (the registration system based on a self-declaration of conformity):

• Process Transparency: Manufacturers must designate a third-party laboratory to conduct testing and submit a self-declaration of conformity for registration.
• Market Surveillance: BIS reserves the right to draw samples from the market or customs at any time for surveillance testing.
• Electronic Labelling (E-labelling): For electronic products with integrated displays, the use of electronic labels is permitted in place of physical labels.

For manufacturers with production facilities located outside India, please ensure that your Authorized Indian Representative (AIR) has signed the latest compliance declarations and affidavits to remain in full accordance with the updated regulatory requirements. 

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

The post 【India BIS】India BIS Issues 2026 Conformity Assessment Amendment first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.

For manufacturers exporting household and similar electrical appliances to the Indian market, ensuring product compliance with the IS 302 (Part 1): 2008 safety standard is the core of obtaining BIS certification. With the implementation of the 2026 Conformity Assessment (Amendment) Regulations, enterprises must pay close attention to changes in administrative procedures in addition to technical compliance.

I. Technical Level: Core Requirements of the IS 302-1 Safety Standard

IS 302 (Part 1) is the fundamental regulation for electrical safety in India, covering single-phase appliances with a rated voltage not exceeding 250V.

• Testing Scope: Includes protection against electric shock, starting power consumption and current, resistance to humidity, overload protection, stability, mechanical hazards, and construction inspection.
• Applicable Products: Household appliances such as rice cookers, electric water heaters, vacuum cleaners, and electric irons.
• Mandatory Labeling: Products must be marked with the “Standard Mark” and clearly display the rated voltage, power consumption, manufacturer name, and country of origin.

II. Administrative Level: Major Changes in 2026 BIS Regulations

According to the latest government gazette published on February 25, 2026, the license management mechanism has undergone significant adjustments. Manufacturers are urged to take note of the following:

• Significant Extension of License Validity: For household appliance products, the initial grant and subsequent renewals of BIS licenses (Scheme-I/CRS) can now be applied for a duration of up to 5 years, greatly reducing the administrative burden of frequent renewals.
• “Annual Advance Payment” System for Fees: All fees required to maintain the validity of the license must be paid annually in advance. Manufacturers who fail to pay the fees and submit the “Production Statement” before the deadline will face an automatic 90-day license suspension.
• Removal of Buffer Notification: The new regulation abolishes the 21-day notice period previously given before a suspension due to non-payment. If the fees remain unpaid at the end of the suspension period, the license will be directly cancelled.
• MSME and Startup Incentives: Manufacturers qualified as MSMEs (Micro, Small, and Medium Enterprises) or Start-ups can apply for a fee reduction of up to 80% (valid until May 2029).

III. Expert Compliance Recommendations

Special reminders for manufacturers with production facilities located outside of India:

• AIR (Authorized Indian Representative): Ensure that your AIR has signed the latest version of the compliance statement and affidavit.
• Early Preparation: It is recommended to begin annual fee settlements and production data consolidation three months prior to the license expiry date to avoid license invalidation caused by technical delays.

For further inquiries, please contact:

Email：Charles.liao@theonelab.co

Phone：(02)8601-2828

The post 【India BIS】India BIS Amends Scheme I Regulations: Automatic Licence Suspension for Electrical Appliances first appeared on 歐恩壹集團 - IoT資安｜CRA｜RED Cybersecurity｜18031 ｜BIS.