The General Data Protection Regulation (GDPR) is intended to protect the fundamental privacy rights of EU data subjects and the security of personal data. It calls for more rigorous protection standards and requirements and sets a high cost for breach. Tuya has completed GDPR validation and optimized internal data security protection and compliance requirements.

Tuya has officially completed its CCPA compliance audit. Tuya Cloud Platform exhibits a high level of program maturity with regard to privacy and data protection. Tuya demonstrates a commitment to compliance efforts and is reported favorably in response to the needed programs and preparations currently in place.

Certified By Cybersecurity Agency Of Singapore

The Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices, as part of efforts to improve Internet of Things (IoT) security, raise overall cyber hygiene levels and better secure Singapore's cyberspace. The CLS is the first of its kind in the Asia-Pacific region. Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions. This will enable consumers to identify products with better cybersecurity provisions and make informed decisions

ISO/IEC 27001:2013

ISO 27001 is the internationally recognized specification for an information security management system (ISMS). Its best-practice approach helps organizations manage the security of their information assets

ISO/IEC 27017:2015

ISO 27017 provides specific guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls. ISO 27017 also includes guidance on information security controls for cloud service providers.

ISO/IEC 27701:2019

ISO/IEC 27701 is an international management system standard, it provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.

CSA STAR Cloud Security

STAR certification incorporates the requirements of ISO 27001, and a maturity rating to indicate how well an organization is complying with the additional cloud specific requirements and also to drive optimization efforts by assessing the organizations capabilities and complexities as well.

ioXt 2020 Manufacturer Certified

ioXt Certification is issued by the ioXt (internet of secure things) Alliance, a global security standards organization for the Internet of Things, and is a standard to measure the security level of a specific IoT product/ APP. The ioXt Alliance is the creator of global standards for IoT security. It is composed of more than 200 leading OEMs, wireless operators, standards organizations, compliance laboratories, and government organizations, which is composed of technology giants including Google, Amazon, T-Mobile, etc. Aid is the only industry-led global IoT device security and certification program in the world.

ETSI EN 303645

ETSI EN 303645 is a European Standard on cyber security initiatives in consumer IoT security. This technical standard mainly regulates the cyber security of consumer IoT products and services, and commercial IoT products in the scope. It aims to establish a security baseline of defense for consumer IoT products and protect user privacy. It helps IoT products comply with security guidelines by design, and support global IoT product network security and European GDPR compliance. The related IoT law currently being promoted in the UK is also based on the the EN 303645 standard.

AICPA SOC 2

SOC 2 is an auditing procedure specifically designed for service providers storing customer data in the cloud to ensure that their information security measures comply with security standards. Tuya has completed the SOC 2 audit, demonstrating that Tuya securely manages customer data to protect the interests of an organization and the privacy of its clients.

ISO 9001

ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS), ensuring that the specific requirements of customers and regulatory agencies are met.

Enterprise Privacy Certificate (EPC)

Being certified by EPC demonstrates that Tuya has fully implemented its privacy policy and privacy controls. EPC enhances Tuya's capabilities in privacy and corporate data management.

IMDA Singapore

Complies with Infocomm Media Development AuthorityStandards DB123456

CE

Conformity of Europe (CE) is a mandatory conformity mark for products placed on the market in the European Economic Area (EEA). Products with the CE marking can be sold throughout the EEA without being subject to restrictions.

FCC

FCC certification is a type of product certification for electrical products with radiofrequency that are manufactured or sold in the United States. Products certified by the FCC are tested by an accredited laboratory and pass all the FCC testing standards

IC

Industry Canada (IC) is a Canadian federal government department and responsible for the certification of radio-communication equipment entering the Canadian market. IC formulates test standards for analog and digital terminal equipment and stipulates that imported electronic products must pass the relevant EMC certification.

RoHS

Restriction of Hazardous Substances (RoHS) restricts the use of specific hazardous materials found in electrical and electronic products. RoHS is a mandatory standard enacted by EU legislation. The RoHS Directive has been implemented since July 1, 2006. It standardizes the material and process conversion of electronic and electrical products to make the products more conducive to human health and environmentally friendly.

REACH

REACH is the European chemicals legislation and stands for Registration, Evaluation, Authorization and Restriction of Chemicals. The main objectives of REACH are to determine the hazards of chemicals and to carry out risk assessments. All products manufactured in the EU or imported into the EU market must pass the registration, inspection, and approval of the level of harmful chemical substances. Otherwise, they cannot be sold in the EU market.