[FCC] More on the European WiFi regulations
toke at toke.dk
Mon Oct 12 17:00:52 PDT 2015
So I've spent the last couple of days reading up on the European WiFi
regulation, and tried to summarise the relevant parts. This is probably
overlapping somewhat with stuff posted elsewhere, but I tried getting it
all in one place to improve my own understanding of the issues, and
thought it might be useful for others. I guess I am mostly hoping that
this can help get the ball rolling on figuring out how and what to do at
the European level.
Note that this is mostly my own interpretation of the all this; and I am
most certainly not a lawyer, nor am I terribly familiar with the inner
workings of the European Union (but am finding this journey of discovery
quite fascinating). Please do not hesitate to correct me where I'm
wrong, and/or to fill in gaps in the below. And yeah, sorry for the long
- The directive pertaining to radio equipment certification is Directive
2014/53/EU which needs to be implemented by member states by
June 2016. The full directive text is available here:
(substitute your language code for /EN/ to get the translated
- Article 3.3 of the directive has a set of extra requirements that are
applicable to *some types* of radio equipment. The power to specify
*which* types of equipment is covered by which of these points is
delegated to the European Commission in accordance with article 44 of
It appears that the previous legislation has defined two classes of
radio equipment (see
Class 1, which has no restrictions and includes the 2.4Ghz band as
well as the 5Ghz band from 5.47-5.725 Ghz. And Class 2, with more
restrictions, which includes frequencies from 5.15-5.35 Ghz.
Presumably these classifications will be kept going forward. However,
how it pertains to the different requirements in article 3.3 of the
new directive I don't know. And I'm not sure that has actually been
- The points of article 3.3 are potentially both good and bad. The
problematic one for the firmware issue is "(i) radio equipment
supports certain features in order to ensure that software can only be
loaded into the radio equipment where the compliance of the
combination of the radio equipment and software has been
demonstrated." There is an introductory recital (which is *not* part
of the directive proper) that says, in relation to this, that
"Verification by radio equipment of the compliance of its combination
with software should not be abused in order to prevent its use with
software provided by independent parties." (point 19).
Of the other requirements in article 3.3 the following could arguably
be leveraged to push for more openness: "(d) radio equipment does not
harm the network or its functioning nor misuse network resources,
thereby causing an unacceptable degradation of service;" and "(e)
radio equipment incorporates safeguards to ensure that the personal
data and privacy of the user and of the subscriber are protected;".
- Article 4 specifies that the manufacturer must document the compliance
"of intended combinations of radio equipment and software" and that
"the information shall precisely identify the radio equipment and the
software which have been assessed". Article 4 also refers to article
17, which in turn says that "Where the radio equipment is capable of
taking different configurations, the conformity assessment shall
confirm whether the radio equipment meets the essential requirements
set out in Article 3 in all possible configurations."
- Article 16 of the directive says that there is (or will be) a set of
"harmonised standards" which can be published in the "Official Journal
of the European Union". Any equipment in conformity with this
harmonised standard is automatically presumed to be in conformance in
all member states (overriding any member state rules AFAICT). What
this means (again, AFAICT) is that member states can potentially be
more lenient when assessing equipment (in their interpretation of the
problematic clause 3i for instance), but cannot prevent something that
has been certified to comply with the harmonised standards from being
marketed. So any mandate of openness (like that proposed in the
CeroWrt letter to the FCC) would have to be at the EU-wide level *as
well as* the member state level.
- I contacted the Swedish government to get access to their plans for
how to implement the directive into law. They referred me to
(in Swedish) which contains a memorandum describing this.
It basically says that the directive will be implemented in a way that
delegates the assessment of compliance *and* the actual definition of
which rules equipment needs to follow to the government agency
regulating telecommunications ("Post- och telestyrelsen" roughly
equivalent to the FCC I guess). The reasoning is that the actual
requirements are both liable to change (by decisions made by the
European Commission) and too technical and detailed to be in the law.
The introductory recital (19) has so far *not* been carried over to
the memorandum. The memorandum is currently in a hearing phase
(deadline Thursday), and I am working on a response that points out
this omission, which will hopefully be submitted by my university.
- As far as doing anything about all this, the only public statement I
have come across is this blog post:
-- that post includes a call to action (which I took inspiration from
to start collecting all this info) and an email address to forward
information to, which I've CC'ed on this email.
It would appear that (extrapolating from the Swedish case) the main
target for lobbying efforts would be the government agencies
implementing the rules governing which devices have to comply to which
parts of the directive. Both at the European and member state level.
But yeah, not really my area of expertise. Anyone with better ideas?
Thoughts and comments welcome!
More information about the FCC