Learn how to enhance consumer data protection if your organization produces network-connected radio equipment. Delegated Act (EU) 2022/30 supplements the Radio Equipment Directive (RED) 2014/53/EU, focusing on essential cybersecurity requirements under Article 3.3 (d), (e), and (f).

The RED DA (Radio Equipment Directive Delegated Act), effective on August 1, 2025, aims to improve cybersecurity for consumer devices with wireless connectivity in the European Union market:

• Equipment that uses radio technology for internet communication, such as phones, tablets, cameras, telecommunications equipment
• Devices that can transmit data through IoT technologies
• Toys and equipment such as baby monitors
• Wearable devices such as smartwatches or fitwatches
• Networked industrial control devices

TÜV Rheinland Group provides leading expertise in the RED DA field.

Our support focuses on the essential cybersecurity requirements outlined in the Act:

• Article 3.3d, addressed in harmonized standard prEN 18031-1, for network protection
• Article 3.3e addressed in the harmonized standard prEN 18031-2, for personal data protection
• Article 3.3f, addressed in harmonized standard prEN 18031-3, for fraud risk minimization

We recommend that you start by understanding the RED DA framework through a GAP Analysis, i.e. an analysis that highlights the level of compliance of your product with the cybersecurity requirements of the regulation, and identifies necessary corrective actions for achieving compliance declaration Compliance. The analysis includes a thorough investigation of the product and conducting resilience testing.

If product certification is necessary, we assist in preparing the technical compliance documentation and handle all reporting. Upon completion, the Assessment Report, issued by TÜV Rheinland as a third party, will clearly show RED DA compliance according to the prEN 18031. standard.