Cybersecurity for Radio Equipment Directive

Cybersecurity for the Radio Equipment Directive (RED)

Ensure your wireless devices are prepared for RED cybersecurity requirements today.


From 1st August 2025, all wireless devices placed on the EU market must comply with the Radio Equipment Directive (RED) cybersecurity requirements. 


CYBERSECURITY REQUIREMENTS UNDER THE RADIO EQUIPMENT DIRECTIVE

More and more products now use radio technology. Many of these devices are connected to the internet and may face security risks, making them vulnerable to potential attacks and exploitation.

To mitigate these risks, the European Commission adopted a Delegated Act of the Radio Equipment Directive activating Articles 3(3)(d), (e) and (f) for certain categories of radio equipment to increase the level of cybersecurity, personal data protection and privacy, and protection of financial transactions.  

  • Article 3.3 (d) - radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service.
  • Article 3.3 (e) - radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.
  • Article 3.3 (f) - radio equipment supports certain features ensuring protection from fraud.

WHICH TYPICAL DEVICES ARE COVERED BY THE RED CYBERSECURITY REQUIREMENTS?


  1. Equipment that uses radio technology for communication over the internet, such as mobile phones, tablets, electronic cameras and telecommunication equipment
  2. IoT devices that can transmit data over the internet
  3. Toys and childcare equipment such as baby monitors
  4. Wearable devices such as smartwatches or fitness trackers
  5. Connected industrial devices



WHEN IS THE DEADLINE TO COMPLY WITH THE RED CYBERSECURITY REQUIREMENTS?

 


The European Commission has confirmed a 1-year extension of the transition period for the Delegated Act (2022/30) to the Radio Equipment Directive (2014/53/EU), which is aimed at improving the cybersecurity of wireless devices available on the European Union's market. These cybersecurity requirements will be mandatory from 1 August 2025.



WHAT SHOULD MANUFACTURERS DO NOW?

While the extended period will allow more preparation time for manufacturers, the transition timeline should not result in a delay in preparing and assessing the cybersecurity health of their products.

Manufacturers of wireless products are advised to consult with TÜV SÜD early in the product development process to plan the necessary steps and start evaluating their products now instead of waiting for the standards to be published. It is key to engage in advanced preparation and early actions.

Contact TÜV SÜD today to understand how we can help prepare for the incoming RED cybersecurity requirements. We can also further assist in increasing security for your products.

 

HOW CAN TÜV SÜD HELP?

TÜV SÜD provides testing and evaluation services based on standards such as EN 303 645 and IEC 62443. Our laboratories can perform a variety of tests and services to prepare for the incoming regulation. We are also actively involved with the development of cybersecurity standards globally.

In addition, TÜV SÜD is an EU Notified Body for the Radio Equipment Directive. Therefore, we can support you in complying with the requirements of the Radio Equipment Directive together with other regulations and standards applicable to radio equipment and devices.

Please contact TÜV SÜD if you need more information on:

  • Whether your radio equipment product is in the scope of RED cybersecurity
  • Present best practices, such as secure-by-design
  • The present status of standardization
  • How to plan to ensure confidence in the security of your product
