Radio Equipment Directive (RED): EU cyber security compliance
Starting August 1, 2025, the European Union will begin enforcing the new cyber security requirements under the Radio Equipment Directive (RED) 2014/53/EU. These updates, defined by the EN 18031 standard, will be relevant to all connected IoT devices. For manufacturers, failure to comply will not just result in hefty penalties but will also lead to the product being pulled from the EU market entirely. This blog will shed light on what the current RED updates mean, why compliance is crucial and how early testing can help you avoid costly setbacks.
Radio Equipment Directive: Understanding the basics
The Radio Equipment Directive (RED) 2014/53/EU serves as the European Union’s regulatory framework for any device that uses radio waves. This includes Bluetooth earbuds, smart thermostats and industrial transceivers. RED has been effective since 2016, and the original requirements were based on the following three key areas:
- Safety [Article 3.1 (a)]: Ensuring safety in device usage, which includes prevention of scenarios like exploding batteries.
- Electromagnetic compatibility [Article 3.1 (b)]: Ensuring there is no interference with other devices in a similar range.
- Efficient use of the Radio spectrum [Article 3.2]: Making sure that the devices utilize radio frequencies efficiently.
Products that meet the Radio Equipment Directive are eligible to receive a CE mark and be placed on the EU market, either through self-assessment or third-party certification.
RED update: Cyber security joins the checklist
During the introduction phase of RED, cyber security threats were not considered a top priority. It was beyond anyone’s imagination that even a smart speaker could be weaponized as part of a botnet! However, with the evolution of cyberattacks, the European Union introduced Delegated Regulation (EU) 2022/30 in 2021, officially adding cyber security to the RED framework.
Starting August 1, 2025, all radio-enabled devices sold in the EU must meet three new cyber security requirements:
- Network integrity [Article 3.3 (d)]: Devices should not compromise network integrity by harming or misusing the networks. For example, a connected device should not be vulnerable to DDoS attacks.
- Data privacy [Article 3.3 (e)]: Devices must not compromise critical or personal information. For instance, smartwatches should anonymize location data.
- Fraud prevention [Article 3.3 (f)]: Devices must incorporate fraud detection and eradication mechanisms. An example would be e-wallets with strict authorization protocols.
To ensure these new requirements are met, the European Union introduced the EN 18031 standards in 2024, with final revisions completed in early 2025. This set of cyber security standards is divided into three distinct parts: the first focuses on network resilience, the second on protection of personal data and the third on secure software development. Notably, EN 18031-3 mandates that devices must support secure over-the-air (OTA) updates to address vulnerabilities. If a device's update mechanism does not align with recognized best practices, manufacturers may be required to engage a Notified Body, i.e., an officially designated auditor, to validate compliance.
Ignoring the RED 2025: A good idea?
Choosing to overlook the updated RED requirements is a risky move and the consequences can be severe. Here is what is at stake:
- Market removal: Non-compliant products can be quickly pulled from shelves through recalls.
- Hefty fines: Some EU member states, such as Germany, impose penalties of up to 4% of your annual global revenue.
- Customs delay: Products without proper certification may be held at the border, causing costly supply-chain and inventory disruptions.
- Insurance gaps: Many insurance providers will not cover damages or liabilities if your product violates RED regulations.
- Reputational damage: The EU’s Rapid Alert System (RAPEX) publicly lists unsafe or non-compliant products, damaging your brand image.
- Broken partnerships: Business partners may end contracts if your devices do not meet RED requirements.
- Loss of consumer trust: Buyers are unlikely to choose products that appear vulnerable or insecure.
In short, ignoring RED 2025 could mean legal trouble, financial loss and long-term damage to your business.
Why is early testing the smartest move?
Preparing for RED 2025 starts with one key step: early product testing. Meeting the EN 18031 standards is not just about ticking boxes; it is about ensuring your device is secure, reliable and ready for the market.
So where do you start?
- Start with a gap analysis: Identify security weaknesses, such as outdated encryption or unreliable firmware update processes.
- Prioritize high-risk areas: Focus on components like radio modules or cloud-connected features, which are more vulnerable to attacks.
- Partner with an accredited lab: Accredited testing labs understand what is required for CE marking and can guide you through the process with accuracy and efficiency.
- Get certified by a Notified Body: If, during testing, the product is categorized as a high-risk device, RED requires it to undergo conformity assessments and be certified by a Notified Body (NB). Examples of such high-risk devices include those that handle virtual money or those that contribute towards national security.
With the August 2025 deadline quickly approaching, delaying testing is a high risk. The process can take time, especially if your product requires approval from a Notified Body due to non-standard features. Fixing problems after a failed test is often far more expensive than addressing them early. Taking action now can save you time, money and stress down the line.
To support manufacturers in meeting the new requirements, we offer testing services aligned with the EN 18031 standards. Our approach helps identify compliance gaps, validate product readiness and ensure continued access to the EU and UK markets under the updated RED framework.
For more information, explore our Radio Equipment Directive (RED) product testing services.
References
- Directive 2014/53/EU (Radio Equipment Directive)
- Delegated Regulation (EU) 2022/30
- Harmonised Standards under RED (includes EN 18031) – European Commission RED Standards