RED DA: focus on cybersecurity requirements for wireless devices in EU

Reading time: 3 minutes - Difficulty: advanced

The RED DA (Radio Equipment Directive Delegated Act) aims to improve cybersecurity of consumer devices equipped with wireless connection in the European Union market. Find out what this entails and how to conform products to the standards in force as of August 1, 2025.

What devices need the most attention in terms of cybersecurity?

The devices covered by the efforts generated by Delegated Act (EU) 2022/30 for the Radio Equipment Directive (RED) 2014/53/EU are:

  1. Equipment that uses radio technology for internet communication, such as phones, tablets, cameras, telecommunications equipment
  2. Devices that can transmit data through IoT technologies
  3. Toys and equipment such as baby monitors
  4. Wearable devices such as smartwatch or fitwatch
  5. Networked industrial control devices

 

As seen in the previous article, manufacturers of such devices should be aware that cybersecurity has become equally important in both the consumer and industrial sectors; and the postponement of the application of RED DA to August 1, 2025 does not exonerate anyone. So much so that, while waiting, it is expected that many manufacturers will choose to refer to other standards, such as ETSI EN 303 645, NIST IR 8259A or IEC 62443.

 

Article 3.3 for Cybersecurity

red da cybersecurity requirements eu

 

  • Article 3.3 letter d) refers to network protection. Device manufacturers will have to include features that avoid damaging communication networks and prevent the device from disrupting the functionality of the website or services.
  • Article 3.3 letter e) reinforces personal data protection. For example, device manufacturers will have to implement measures to prevent unauthorized access to the personal data of consumers.
  • Article 3.3 letter f) reduces the risk of fraud. Device manufacturers will need to include features – such as better control of user authentication – to minimize fraudulent monetary transactions.

 

What we can do to help you with RED DA compliance

As previously mentioned, the cybersecurity requirements outlined in the RED directive will take effect in the EU on August 1, 2025. This will coincide with the official publication of specific harmonized standards, which are currently available as drafts.

Our support focuses on the essential cybersecurity requirements outlined in the act:

  • Article 3.3d covered in the harmonized standard prEN 18031-1
  • Article 3.3e covered in the harmonized standard prEN 18031-2.
  • Article 3.3f dealt with in the harmonized standard prEN 18031-3.

The applicable items and related standards depend on the product characteristics.

 

We recommend that you start by understanding the RED DA framework through a GAP Analysis, i.e. an analysis that highlights the level of compliance of your product with the cybersecurity requirements of the regulation, and clarifies what corrective actions you need to take to the devices in order to declare compliance.

The analysis includes a thorough investigation of the product and conducting resilience testing.

Lastly, we’ll provide you with a comprehensive report that consolidates the most pertinent information to assist you in ensuring your products adhere to cybersecurity standards. Contact us to request a RED DA consultation.

 

If product certification becomes necessary, we’ll assist you in drafting the technical compliance documents and handle the entire reporting process on your behalf. Upon completion, the Assessment Report, issued by TÜV Rheinland as a third party, will unequivocally demonstrate RED DA compliance according to the prEN 18031 standard.

 

Any questions or comments?

 

Share us your feedback

Do you want to help our page grow? Follow us on Linkedin

 

Go back to the blog
Send this to a friend