FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What's with the new password requirement?

Davoud
Enthusiast

‎08-02-2025 05:36 PM

Is this really necessary? Is there a bypass to avoid entering a password? If not, and if you find or steal my R5 or R5 Mk II, try 999999.

0 Likes
13 REPLIES 13

Davoud
Enthusiast
In response to kvbarkley

‎08-02-2025 06:21 PM

Yeah. People go nuts, get overzealous.

kvbarkley
VIP
VIP

‎08-02-2025 06:55 PM

The buzz around here is that it is an EU requirement

LeeP
Mentor
Mentor
In response to kvbarkley

‎08-02-2025 07:26 PM

Yes the EU is more "proactive" or "nanny state" depending on how you see it and it has a ripple effect to elsewhere.

Porsche for example cannot build the gas-powered Macan--their cash cow--due to some cybersecurity nonsense because the "architecture" of the car won't allow it to be upgraded easily. 

And while I am all for cybersecurity, a password on my camera seems antithetical to me. I understand why it's there and the reasoning behind it.

p4pictures
Elite
Elite
In response to LeeP

‎08-03-2025 08:50 AM

I am pretty sure this is a case of bureaucrats making rules with no consideration of how photographers use cameras


Brian
EOS specialist trainer, photographer and author
-- Note: my spell checker is set for EN-GB, not EN-US --

johnrmoyer
Whiz
Whiz

‎08-03-2025 09:32 AM

Radio Equipment Directive 2014/53/EU with extension according to Commission Delegated Regulation (EU) 2022/30

ETSI EN 303 645 (Cyber Security for Consumer Internet of Things: Baseline Requirements)

CEN/CENELEC EN 18031-1, EN 18031-2 and EN 18031-3:

EN 18031-1: Radio equipment with an internet connection

EN 18031-2: Radio devices that process data

EN 18031-3: Internet-enabled radio devices that process virtual money or monetary values

 

https://ib-lenhardt.com/kb/faq/radio-equipment-directive-red#cybersecurity-requirements 

Cybersecurity & Emerging Technologies

Wireless innovation and increasing device connectivity bring new
regulatory challenges under the Radio Equipment Directive (RED). To
address risks such as unauthorized access, data breaches, and spectrum
congestion, the EU has expanded RED requirements for cybersecurity,
interoperability, and spectrum efficiency. These provisions are
especially relevant for manufacturers of IoT devices, 5G products, and
smart home technologies.

Cybersecurity Requirements (mandatory from August 2025)

From August 1, 2025, new cybersecurity requirements under Articles
3(3)(d), (e), and (f) of the RED become legally binding. These cover
software protection, secure data handling, and fraud prevention. The
following harmonized standards provide a presumption of conformity—with
restrictions:

EN 18031-1:2024 – Internet-connected radio equipment

EN 18031-2:2024 – Devices processing personal data (e.g. toys, wearables)

EN 18031-3:2024 – Devices used for virtual or financial transactions

However, these standards do not provide a presumption of conformity in the following cases:

If users can bypass or disable password requirements (clauses 6.2.5.1, 6.2.5.2)

If parental access control is not ensured in applicable equipment categories (EN 18031-2:2024, clauses 6.1.3–6.1.6)

If assessment relies solely on explanatory sections like “Rationale” or “Guidance”

In such cases, manufacturers must conduct a full conformity assessment, possibly involving a Notified Body, as specified in EU Decision (EU) 2025/138.

Preparing for RED compliance with cybersecurity requirements for IoT?
Learn more about test procedures and applicable standards—such as EN 303
645 and EN 18031—on our IoT cybersecurity certification page. 

 

 

---
https://www.rsok.com/~jrm/

LeeP
Mentor
Mentor
In response to p4pictures

‎08-03-2025 10:28 AM

Typical of lawmakers everywhere, but they believe that writing an all-encompassing law solves the problem--even if the "problem" is a false narrative--and they further believe that they (1) do not need to understand the issue and that (2) they know better anyway. I'd rather have society be under-regulated than over-regulated, but until I am the King of Everything my input isn't being sought by politicians. This requirement for cameras is patently idiotic in my estimation. I don't plan to update the software.

0 Likes

johnrmoyer
Whiz
Whiz
In response to LeeP

‎08-03-2025 11:41 AM

@LeeP wrote:

Typical of lawmakers everywhere, but they believe that writing an all-encompassing law solves the problem--even if the "problem" is a false narrative--and they further believe that they (1) do not need to understand the issue and that (2) they know better anyway. I'd rather have society be under-regulated than over-regulated, but until I am the King of Everything my input isn't being sought by politicians. This requirement for cameras is patently idiotic in my estimation. I don't plan to update the software.

Warning: off topic philosophy is included in my response

I have not found the firmware update to cause any problems on my EOS R5. It also has no benefit to me since I do not use the wifi built into the camera for ftp data transfers. 

The problem being solved is the huge number of devices with radios that are connected to the internet without any bit of security, much less security updates. These devices are formed into botnets used to attack businesses, governments, and even hospitals. https://www.schneier.com/tag/internet-of-things/ 

A simplified explanation: https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-iot-mess/ 

security expert Bruce Schneier argued that the universe of IoT things will largely remain insecure and open to compromise unless and until government steps in and fixes the problem.

“When we have market failures, government is the only solution,” Schneier wrote. “The government could impose security regulations on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care. They could impose liabilities on manufacturers, allowing people like Brian Krebs to sue them. Any of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure.”

 

A regulation is needed because there is otherwise no incentive for the manufacturer to attempt to secure the device. The costs of insecurity are a burden on others and not the manufacturer. This is what economists call a negative exeternality. The basic concept is that your freedom does not allow you to impose costs on others.

 

---
https://www.rsok.com/~jrm/

Waddizzle
Legend
Legend

‎08-03-2025 02:14 PM - edited ‎08-03-2025 02:15 PM

I’m blaming Tony Northrop.  He’s been suggesting adding password security to cameras for years.  

--------------------------------------------------------
"Enjoying photography since 1972."
Holiday
Announcements
12/15/2025: New firmware update available for EOS C50 - Version 1.0.1.1

11/20/2025: New firmware updates are available.

EOS R6 Mark III - Version 1.0.1

EOS R3 - Version 2.0.0

EOS R1 - Version 1.2.0

EOS R5 Mark II - Version 1.2.0

EOS R5 - Version 2.2.1

PowerShot G7 X Mark III - Version 1.4.0

PowerShot SX740 HS - Version 1.0.2


10/21/2025: Service Notice: To Users of the Compact Digital Camera PowerShot V1

10/15/2025: New firmware updates are available.

Speedlite EL-5 - Version 1.2.0

Speedlite EL-1 - Version 1.1.0

Speedlite Transmitter ST-E10 - Version 1.2.0


07/28/2025: Notice of Free Repair Service for the Mirrorless Camera EOS R50 (Black)

07/24/2025: New firmware updates are available.


07/23/2025: New firmware updates are available.

EOS R5C - Version 1.1.1.1

EOS C80 - Version 1.0.3.1


7/17/2025: New firmware updates are available.

EOS R7 - Version 1.7.1

EOS R10 - Version 1.7.0

EOS R8 - Version 1.5.0

EOS R50 - Version 1.4.0

Powershot V10 - Version 1.4.0

Powershot V1 - Version 1.1.0

EOS R50V - Version 1.1.1


05/21/2025: New firmware update available for EOS C500 Mark II - Version 1.1.5.1

02/20/2025: New firmware updates are available.

RF70-200mm F2.8 L IS USM Z - Version 1.0.6

RF24-105mm F2.8 L IS USM Z - Version 1.0.9

RF100-300mm F2.8 L IS USM - Version 1.0.8

RF50mm F1.4 L VCM - Version 1.0.2

RF24mm F1.4 L VCM - Version 1.0.3


01/22/2024: Canon Supports Disaster Relief Efforts in California
01/14/2025: Steps to resolve still image problem when using certain SanDisk SD cards with the Canon EOS R5 Mark II
Copyright © 2025 Khoros, LLC