Richard Marshall

Founder and Director at Xitex

Richard is founder and director at Xitex, a secure product development consultancy, supporting customers developing secure products and the wider standards community.

Having worked for global organisations such as AT&T, Cisco and Sony, to be being part of the founding team for more than one start-up, Richard has been involved with a variety of secured products from Set Top Boxes to Cellular Small Cells over the last 20 years. At the start-up Ubiquisys, he founded the hardware and secure software delivery team, going on to become the Product Manager for the global secure software and PKI delivery system CloudBase. Cloudbase was a key component in Cisco’s acquisition of Ubiquisys in 2013.

On IoT security, Richard was the Internet of Things Security Foundation’s founding Plenary Chair for five years and currently sits on its Executive Steering Board. Richard is one of the lead authors for the foundation’s Assurance Framework which has recently been internationally recognized by the EU’s ETSI and US NIST standards bodies, as a point of reference for IoT security. He was also a contributor/reviewer for the UK’s ‘Code of Practice for Consumer IoT Security’, ETSI’s technical standard TS 103 645 and harmonized standard EN 303 645 on IoT Security. He is currently a member of CENELEC’s JTC13 WG8 RED and JTC13/WG9 CRA harmonised standards cyber-security working groups.


Radio Equipment Directive Cyber regulation and what you need to know

“With the European Commission adopting the RED Delegated Act activating Article 3.3 (d), 3.3 (e) and 3.3 (f) for both consumer and professional/industrial products (C(2021) 7672 1), significant changes are coming to RED compliance. The delegated act activates these three articles and originally compliance was to become mandatory on 1st August 2024 but is expected to be formally announced shortly that the deadline will be extended to August 2025. Article 3 of the RED mandates that radio equipment shall not harm network function, incorporates personal data and privacy protection safeguards and certain functions to protect from financial fraud. In this talk Richard will provide an update for manufacturers on routes to compliance for Article 3.3, the development of the related Harmonised Standard and the relevance of the IoTSF Assurance Framework.”