Your regular update for technical and industry information

Your regular update for technical and industry information

EU: The European Commission has adopted on October 29th the RED delegated act that adds new legal requirements for cybersecurity


Most radios including Internet of Things products are going to be subject to an Radio Equipment Directive (RED) delegated act for their cybersecurity in the future. Next step will be validation by Council and Parliament before a transition period of 30 months. Regarding Cybersecurity requirement there are 3 articles:

Articles (scope: any internet-connected devices ):

  • 3(3)(d) “radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service”
  • 3(3)(e) “radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected”
  • 3(3)(f) “radio equipment supports certain features ensuring protection from fraud”

Examples use cases would be :

  • 3(3)(d) System configuration of communication parameters can only be changed by an authorized user
  • 3(3)(e) Factory default credentials are forced to be changed to unique credentials at first use
  • 3(3)(f) Prevent replay attacks

As one can see the requirement are very broad and more details will be provided on the requirement when the request for standardization will be issued in the coming months. In due course, Harmonized standards will be published in the official Journal.

To provide our customers with immediate reassurance, we can offer assessment to the following current standards:

  • ETSI EN 303 645 “Cyber Security for Consumer Internet of Things”
  • EN-IEC 62443-4-2 “Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components”

TÜV SÜD are REDCA members and actively involved with the ETSI cyber standards development and is a leader for consumer product cyber security testing.

It is very important to prepare for the changes that this delegated act will bring for your current procedures when it comes to RED compliance. Though it can seem complex and cybersecurity can be challenging, our team of experts in TÜV SÜD can assist you with your RED compliance and answer any questions you may have. You can contact us at [email protected].


Download our whitepaper to ensure your products are cyber secure: Internet of Things (IoT) for a Connected World

Next Steps

Site Selector