--- title: "Choose the Right ETSI Standard (EN 303 645 V3.1.3, TS 103 701, EN 319 401, EN 319 411)" canonical_url: "https://www.sorena.io/artifacts/global/etsi-standards-hub/choose-the-right-etsi-standard" source_url: "https://www.sorena.io/artifacts/global/etsi-standards-hub/choose-the-right-etsi-standard" author: "Sorena AI" description: "A practical decision guide to choose the right ETSI cybersecurity standard by product versus service scope and assurance objective." published_at: "2026-03-04" updated_at: "2026-03-04" keywords: - "choose the right ETSI standard" - "ETSI standards hub" - "ETSI cybersecurity standards" - "ETSI EN 303 645 V3.1.3" - "ETSI TS 103 701 V2.1.1" - "ETSI EN 319 401 V3.1.1" - "ETSI EN 319 411-1 V1.5.1" - "ETSI EN 319 411-2 V2.6.1" - "ETSI evidence pack" - "ETSI selection guide" - "ETSI standards" - "ETSI EN 303 645" - "ETSI TS 103 701" - "ETSI EN 319 401" - "ETSI EN 319 411" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Choose the Right ETSI Standard (EN 303 645 V3.1.3, TS 103 701, EN 319 401, EN 319 411) A practical decision guide to choose the right ETSI cybersecurity standard by product versus service scope and assurance objective. *Decision guide* *GLOBAL* ## ETSI Standards Hub Choose the right ETSI standard A practical decision tree in text: pick the ETSI standard that matches your product or trust service, then plan controls, tests, and evidence. This guide pins the current ETSI editions and uses object-of-assurance logic so teams do not choose the wrong standard or the wrong version. If you start with the wrong ETSI standard or the wrong ETSI edition, you usually end up with the wrong evidence. Use this page to choose the right ETSI cybersecurity standard by what you are building and what you need to prove, then pin the exact edition before implementation starts. ## Fast path: match your use case to the right current ETSI document Start by selecting the correct object of conformity: a consumer IoT product, a trust service provider, or a certificate issuance service. Then choose the ETSI document that directly targets that object. If your goal is independent assessment, choose both the baseline and the assessment method where ETSI separates them. - Consumer IoT product security baseline: ETSI EN 303 645 V3.1.3 - Consumer IoT assessment and test scenarios: ETSI TS 103 701 V2.1.1 - Trust Service Provider general policy and operational requirements: ETSI EN 319 401 V3.1.1 - Certificate policy requirements in general issuance contexts: ETSI EN 319 411-1 V1.5.1 - Qualified certificate policy and qualified certificate issuance: ETSI EN 319 411-2 V2.6.1 ## Step 1: define the object you need to assure ETSI documents are intentionally specific. You get faster clarity when you write the scope in one sentence and keep it consistent across engineering, security, legal, and assurance teams. For consumer IoT, scope usually means device, companion app, and backend services required for security functions such as updates, vulnerability reporting, authentication, and telemetry. For trust services, scope usually means the TSP organization, its policies and practices, and the service processes and security controls that make the trust service reliable and auditable. - Name the thing you must secure: device family, platform, service, or certificate issuance function - List the security-relevant interfaces and dependencies - Define responsibility boundaries between your team and third parties - Write the assurance boundary: what will be assessed, by whom, and against which ETSI edition ## Step 2: define what you need to prove Different ETSI documents lead to different evidence styles. Some are outcome-focused baselines you implement and document. Others are assessment specifications designed for repeatable evaluation. For example, TS 103 701 is explicitly the conformance-assessment method for EN 303 645 and sets out the structure, roles, and documentation inputs that make IoT product assessments repeatable. - Self-assurance goal: implement the EN requirements and keep evidence and rationale traceable - Independent assessment goal: plan for test scenarios, verdict logic, and lab-ready inputs - Audit or supervisory goal: ensure policy, logging, incident response, and governance evidence are repeatable and attributable ## Step 3: pin the edition before you build controls Version drift breaks audits. The ETSI stack in this hub spans current publications from 2024 and 2025, and some of the IoT and trust-service documents were revised recently enough that older internal mappings are likely stale. Pin the title, version, and publication date in scope documents, control matrices, and evidence packs before implementation begins. - EN 303 645 V3.1.3 replaces older hub assumptions based on V2.1.1 - TS 103 701 V2.1.1 aligns the assessment method to the newer EN 303 645 edition - EN 319 401 V3.1.1, EN 319 411-1 V1.5.1, and EN 319 411-2 V2.6.1 should be pinned explicitly in trust-service programs ## Common selection mistakes ETSI work goes off the rails when teams choose a document by name recognition instead of by object and assurance outcome. Avoid these predictable mistakes. - Treating EN 303 645 as a test plan instead of a baseline standard and forgetting TS 103 701 when assessment structure is needed - Using TSP policy requirements for product security or product standards for trust-service governance - Mixing qualified and non-qualified certificate-policy expectations without a clear boundary between EN 319 411-1 and EN 319 411-2 - Ignoring version pinning and discovering too late that the evidence pack maps to an older edition *Recommended next step* *Placement: near the end of the main content before related guides* ## Use ETSI Standards Hub Choose the right ETSI standard as a cited research workflow Research Copilot can take ETSI Standards Hub Choose the right ETSI standard from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on ETSI Standards Hub can keep owners, evidence, and next steps aligned without copying this guide into separate documents. - [Open Research Copilot for ETSI Standards Hub Choose the right ETSI standard](/solutions/research-copilot.md): Start from ETSI Standards Hub Choose the right ETSI standard and answer scope, timing, and interpretation questions with cited outputs. - [Talk through ETSI Standards Hub](/contact.md): Review your current process, evidence gaps, and next steps for ETSI Standards Hub Choose the right ETSI standard. ## Primary sources - [ETSI EN 303 645 V3.1.3 (Baseline Requirements for Consumer IoT)](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf?ref=sorena.io) - Current ETSI EN 303 645 baseline document for consumer IoT security. - [ETSI TS 103 701 V2.1.1 (Conformance Assessment of Baseline Requirements)](https://www.etsi.org/deliver/etsi_ts/103700_103799/103701/02.01.01_60/ts_103701v020101p.pdf?ref=sorena.io) - Current ETSI assessment specification aligned to EN 303 645 V3.1.3. - [ETSI EN 319 401 V3.1.1](https://www.etsi.org/deliver/etsi_en/319400_319499/319401/03.01.01_60/en_319401v030101p.pdf?ref=sorena.io) - Current general policy requirements for trust service providers. - [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Current certificate policy requirements for general issuance contexts. - [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Current qualified certificate policy and qualified certificate issuance requirements. - [ETSI Consumer IoT technologies page](https://www.etsi.org/newsroom/news/11-technologies-clusters/technologies?ref=sorena.io) - Official ETSI page summarizing the current EN 303 645, TS 103 701, and related implementation flow. ## Related Topic Guides - [ETSI Standards FAQ (Current EN 303 645, TS 103 701, EN 319 401, EN 319 411)](/artifacts/global/etsi-standards-hub/faq.md): ETSI standards FAQ for security, product, and assurance teams: current ETSI editions, how EN 303 645 and TS 103 701 relate, what EN 319 401 covers. - [ETSI vs ISO for Cybersecurity Standards: When to Use Each](/artifacts/global/etsi-standards-hub/etsi-vs-iso.md): ETSI vs ISO explained for cybersecurity and assurance teams using current ETSI examples such as EN 303 645 V3.1.3, TS 103 701 V2.1.1, EN 319 401 V3.1.1. - [What Is Included in ETSI Standards Hub (Current IoT and Trust Services Stack)](/artifacts/global/etsi-standards-hub/what-is-included.md): A coverage map of the ETSI cybersecurity standards included in this hub using current editions: EN 303 645 V3.1.3, TS 103 701 V2.1.1, EN 319 401 V3.1.1. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/global/etsi-standards-hub/choose-the-right-etsi-standard