
RED cybersecurity requirements
From 1st August 2025, all wireless devices placed on the EU market must comply with the Radio Equipment Directive (RED) cybersecurity requirements.What are the RED cybersecurity requirements?
More and more products are now employing radio technology in their applications. Many of these devices connected to the Internet may face security risks, making it vulnerable to potential attacks and exploitation.
To mitigate these risks, the European Commission adopted a Delegated Act of the Radio Equipment Directive for certain categories of radio equipment to increase the level of cybersecurity, personal data protection and privacy, and protection of financial transactions. From 1st August 2025, all wireless devices placed on the EU market must comply with the RED cybersecurity requirements.
TÜV SÜD offers testing and evaluating services based on standards such as EN 303 645 and IEC 62443. Our experts help you comply with the requirements of the RED delegated act so that you will continue to enjoy smooth market access in the EU.
The RED delegated act activates Articles 3(3)(d), (e) and (f), which cover the following:
- Article 3.3 (d) – Radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service.
- Article 3.3 (e) – Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.
- Article 3.3 (f) – Radio equipment supports certain features ensuring protection from fraud.
The type of wireless products impacted by the RED cybersecurity requirements:
- Equipment that uses radio technology for communication over the internet such as mobile phones, tablets, electronic cameras, telecommunication equipment.
- IoT devices that can transmit data over the Internet.
- Toys and childcare equipment such as baby monitors.
- Wearable devices such as smartwatches or fitness trackers.
- Connected industrial devices.
When is the dateline to comply with the RED cybersecurity requirements?
The RED delegated act will enter into force in August 2025. While the harmonised standards are not yet published, you should consult with TÜV SÜD experts early in the product development process. This will help you plan the necessary steps and start evaluating your products early.
The timeline for compliance with RED cybersecurity requirements is as follows:
How TÜV SÜD can help you with the RED cybersecurity requirements
TÜV SÜD can help you prepare for RED cybersecurity requirements with comprehensive testing and evaluation services. We can also further assist in increasing security for your products.
Our laboratories can perform a variety of tests and services to prepare for compliance with necessary regulations. We test and evaluate products based on standards such as EN 303 645 and IEC 62443.
We are an EU Notified Body for the Radio Equipment Directive. Therefore, we can support you in complying with Radio Equipment Directive cybersecurity requirements together with other regulations and standards applicable to radio equipment and devices.
Our experts are actively involved with the development of cybersecurity standards globally. This keeps us up-to-date with the latest regulations and requirements.
In addition, we guide you on the following:
• Understanding if your radio equipment product is in the scope of RED cybersecurity.
• What are the best practices presently, such as secure-by-design.
• Understanding the present status of standardisation.
• How to plan to ensure confidence in the security of your product.