Introduction to RED DA, Delegated Regulation for the Radio Equipment Directive

Delegated Act (EU) 2022/30 supplements the Radio Equipment Directive (RED) 2014/53/EU on the application of the essential cybersecurity requirements in Article 3.3 d), e), f). Gather key information about this here.

Scope of the RED DA application

The purpose of the RED DA (Radio Equipment Directive Delegated Act) is to improve the security and protection of personal data of users of Internet-connected radio equipment so as to prevent fraud and misuse of networks.
The act applies to all radio equipment that can communicate autonomously via the Internet, either directly or via another equipment.
In addition to the essential requirements already included in the RED (2014/53/EU), the delegated act introduces some specific requirements:

• Protection of personal data by equipment designed for the purpose. In this respect, users must be clearly and transparently informed about how their personal data is collected, used and stored.
• Network security and resistance of radio equipment to cyber attacks.
• Fraud prevention, such as fraudulent identification.

What to expect from the entry into force of RED DA

The de facto RED DA came into effect in the European Union on January 12, 2022.
It was originally planned to be implemented in August 2024, regarding specific articles related to cybersecurity (3.3(d), (e), (f)). However, this date has been pushed back to August 1, 2025 due to the continued development of harmonized standards needed for compliance.
As a result, certain aspects of the RED DA have been active since 2022, but cybersecurity requirements for specific categories of radio equipment won’t become mandatory until August 2025.
The delegated act will heavily influence manufacturers of web-connected radio equipment, requiring them to redesign their products to meet new requirements. This step is crucial for enhancing security and safeguarding consumer data.

RED DA

---

Go back to the blog