Global | EN

RED cybersecurity requirements

From 1st August 2025, all wireless devices placed on the EU market must comply with the Radio Equipment Directive (RED) cybersecurity requirements.
Secure Phone

What are the RED cybersecurity requirements?

More and more products are now employing radio technology in their applications. Many of these devices connected to the Internet may face security risks, making it vulnerable to potential attacks and exploitation.

To mitigate these risks, the European Commission adopted a Delegated Act of the Radio Equipment Directive for certain categories of radio equipment to increase the level of cybersecurity, personal data protection and privacy, and protection of financial transactions. From 1st August 2025, all wireless devices placed on the EU market must comply with the RED cybersecurity requirements.

TÜV SÜD offers testing and evaluating services based on standards such as EN 303 645 and IEC 62443. Our experts help you comply with the requirements of the RED delegated act so that you will continue to enjoy smooth market access in the EU.

The RED delegated act activates Articles 3(3)(d), (e) and (f), which cover the following:

  • Article 3.3 (d) – Radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service.
  • Article 3.3 (e) – Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.
  • Article 3.3 (f) – Radio equipment supports certain features ensuring protection from fraud.

The type of wireless products impacted by the RED cybersecurity requirements:

  1. Equipment that uses radio technology for communication over the internet such as mobile phones, tablets, electronic cameras, telecommunication equipment.
  2. IoT devices that can transmit data over the Internet.
  3. Toys and childcare equipment such as baby monitors.
  4. Wearable devices such as smartwatches or fitness trackers.
  5. Connected industrial devices.

When is the dateline to comply with the RED cybersecurity requirements?

The RED delegated act will enter into force in August 2025. While the harmonised standards are not yet published, you should consult with TÜV SÜD experts early in the product development process. This will help you plan the necessary steps and start evaluating your products early.

The timeline for compliance with RED cybersecurity requirements is as follows:

Implementation timeline for RED cybersecurity

How TÜV SÜD can help you with the RED cybersecurity requirements

TÜV SÜD can help you prepare for RED cybersecurity requirements with comprehensive testing and evaluation services. We can also further assist in increasing security for your products.

Our laboratories can perform a variety of tests and services to prepare for compliance with necessary regulations. We test and evaluate products based on standards such as EN 303 645 and IEC 62443.

We are an EU Notified Body for the Radio Equipment Directive. Therefore, we can support you in complying with Radio Equipment Directive cybersecurity requirements together with other regulations and standards applicable to radio equipment and devices.

Our experts are actively involved with the development of cybersecurity standards globally. This keeps us up-to-date with the latest regulations and requirements.

In addition, we guide you on the following:

    • Understanding if your radio equipment product is in the scope of RED cybersecurity.

    • What are the best practices presently, such as secure-by-design.

    • Understanding the present status of standardisation.

    • How to plan to ensure confidence in the security of your product.

Get started with TÜV SÜD 

Start your Radio Equipment Directive cybersecurity journey with us.

Knowledge highlights

Webinar

radio equipment directive cybersecurity

#Consumer Products and Retail

Preparing for New RED Cybersecurity Requirements

Article

Cybersecurity requirements Radio Equipment Directive

#Service knowledge #Cybersecurity #Consumer Products and Retail #Manufacturing

5 key points about the new cybersecurity requirements for RED

Article

DefaultImage

#Service knowledge #Future insights #Cybersecurity #Consumer Products and Retail

ETSI EN 303 645 Cybersecurity for Consumer IoT