The EUs Reduction of Hazardous Substances (RoHS) directive, due to come into force on July 1st, could lead to an increase in the price of security hardware in the coming months.
One vendor, Watchguard, has confirmed that it is planning an across-the-board increase of around 10 percent on European shipments, caused by the need to re-engineer its products to remove a range of toxic substances.
The RoHS directive specifies very low limits for lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls (PBBs), polybrominated diphenyl ethers (PBDE) in all electronics products shipped across the EU after July.
Watchguard said that it was the lead levels that had caused the most problems, requiring the use of alternative alloys that were expensive to procure.
The company had taken the opportunity of board level redesigns to upgrade its products from scratch more products, and so the higher prices also reflected improved performance. It had decided to make all products compliant, including those shipped to the US or Asia.
Meanwhile, other computing and security vendors appear to be ignoring or partially ignoring the directive, claiming exemptions under a clause that allows products said to be server or network infrastructure to use higher levels of lead. This allows a company to phase in compliant products over a longer period, thereby spreading the cost.
It is not clear on what basis such exemptions will be assessed to be legitimate in the UK as the department of Trade and Industry has not published a regulatory interpretation.
One channel source Techworld spoke to confirmed that a security vendor it handled would not have compliant products by the deadline. Many in the channel were concerned about being held accountable by the UK authorities in the event of a test case going against a non-compliant vendor.
The source criticised the level of confusion the directive had caused among computing vendors, most of whom operated outside its immediate jurisdiction whilst selling products in the EU. He agreed that compliance would inevitably add costs to hardware.
Other vendors contacted were unable to give a clear indication of whether their products would be compliant. A statement on the Fortinet website was typical of this ambiguous approach.
At this time, RoHS allows specific exemptions applicable to certain product types (i.e. network infrastructure equipment), where appropriate alternative materials and manufacturing processes do not currently exist.
The available components and manufacturing processes do not yet allow for the complete elimination of the material lead (Pb) from products produced by the network security solutions industry. Lead continues to be a necessary material until such a time that a viable alternative becomes available for all applications. We anticipate alternatives will be developed in the near future.
What is certain is that some companies at least will not be compliant with a directive that is a core element of the EUs environmental laws, while many compliant companies will inevitably pass on the cost to customers.