How to Comply with EU Ecodesign Directive, Lot 9 Data Deletion Requirements

Jan 08, 2020 Blog Article

The European Union’s Ecodesign Directive sets mandatory ecological requirements for energy-using and otherwise energy-related products sold throughout all EU member states. Among the items affected are data servers and data storage products—including specifications for data deletion.

If your business is in the EU or sells data storage equipment there, you will be affected by these new requirements. Here’s an overview of the law and a solution that will enable you to comply.

Katie Jefcoat - Blancco Author

Katie Moss Jefcoat Katie has launched and supported marketing campaigns for B2B technology companies since 2011. From 2016 to 2021, Katie served Blancco in the roles of content manager and senior product marketing manager, communicating the features and benefits of Blancco products, evaluating market and competitive trends, supporting sales enablement, and representing the voice of the customer.

Latest EU Environmental Mandate Covers Servers and Data Storage Products

he European Union’s (EU’s) Ecodesign Directive (Directive 2009/125/EC) establishes a framework that sets mandatory ecological requirements for energy-using and otherwise energy-related products sold throughout all EU member states. The requirements currently cover many product groups, including all those “that represent significant volumes of sales and trade, that have a significant environmental impact and that present significant potential for improvement in terms of their environmental impact without entailing excessive costs.”

Though the first working plan of the document was made available in 2008, the document has since been updated several times. The most recent March 2019 version of the Directive, referred to as “Lot 9” comes with a focus around servers and data storage products used for commercial purposes, with the goal of making significant energy saving improvements with regard to this equipment by 2030.

The requirements in Lot 9 will officially go into effect on March 1, 2020, for all products sold in the EU from that date forward.

Data Erasure Satisfies Lot 9’s Specifications for Secure Data Deletion

As part of the requirements, the European Union also establishes non-energy related objectives for companies operating in the EU (or shipping data center equipment there for sale), particularly around privacy.

One of these requirements is as follows:

“1.2.2. From 1 March 2020, a functionality for secure data deletion shall be made available for the deletion of data contained in all data storage devices of the product.”

To specify, this functionality:

“…could be implemented by means of technical solutions such as, but not limited, a functionality implemented in firmware, typically in the Basic Input/Output System (BIOS), in software included in a self-contained bootable environment provided in a bootable compact disc, digital versatile disc or universal serial bus memory storage device included with the product, or in software installable in the supported operating systems provided with the product.”

If you operate in the EU, or ship data storage equipment there with the intention to market it commercially, you must meet this requirement for secure data deletion, or as Blancco would define it, secure data erasure.

Blancco offers several deployment options for its erasure software, including many of those listed above, meaning our solution can easily satisfy Ecodesign Directive Lot 9 data deletion requirements.

Data Storage Products Affected by Lot 9’s Secure Data Deletion Requirements

Wondering if your data center equipment is affected by this regulation? Product types covered include servers and data storage products typically used for commercial purposes. According to the document, these are defined in the following way:

“(1) ‘server’ means a computing product that provides services and manages networked resources for client devices, such as desktop computers, notebook computers, desktop thin clients, internet protocol telephones, smartphones, tablets, tele-communication, automated systems or other servers, primarily accessed via network connections, and not through direct user input devices, such as a keyboard or a mouse and with the following characteristics:
(a) it is designed to support server operating systems (OS) and/or hypervisors, and targeted to run user-installed enterprise applications;
(b) it supports error-correcting code and/or buffered memory (including both buffered dual in-line memory modules and buffered on board configurations);
(c) all processors have access to shared system memory and are independently visible to a single OS or hypervisor;

AND

‘online data storage product’ means a data storage product designed for online, random-access of data, accessible in a random or sequential pattern, with a maximum time to first data of less than 80 milliseconds.”

Product types not covered by the directive include those quoted in the 2019 regulation, Article 1(2).

Lot 9’s Compliance Deadline is Rapidly Approaching: Are You Ready?

If your business is in the EU or sells data storage equipment there, you will be affected by these new requirements. Are you ready to comply by March 2020?

Whether you’re an MSP, EU enterprise company or a data storage OEM, customers and compliance auditors will soon be asking if you comply with these regulations. Do you have a trusted data erasure solution on-hand to recommend or provide to your customers?

For more information on how Blancco can help you achieve compliance with EU Ecodesign Directive Lot 9 data deletion requirements, contact Fredrik Forslund, VP, Enterprise and Cloud Erasure Solutions, at fredrik.forslund@blancco.com.