What is the Radio Equipment Directive (RED)?
The EU Directive 2014/53/EU – known as the Radio Equipment Directive (RED) – is a key regulatory framework for the marketing of radio equipment within the European Economic Area. It defines essential requirements for safety, electromagnetic compatibility, and the efficient use of radio spectrum. With the RED Delegated Act 2022/30 (RED DA), binding cybersecurity requirements will be introduced starting August 1, 2025, primarily affecting manufacturers of connected devices. This marks a significant step towards integrating cybersecurity into product regulation – similar to the approach of the Cyber Resilience Act (CRA) , which, however, applies to all digital products regardless of communication technology. To avoid regulatory overlap, the repeal of Delegated Regulation 2022/30 is expected with the CRA’s entry into force in December 2027.
RED applies to a wide range of devices that transmit or receive radio waves, including Wi-Fi-enabled products, Bluetooth devices, wearables, smart home components, and IoT systems. The new requirements oblige economic operators to implement security mechanisms that protect networks, personal data, and prevent fraudulent activities.
At SCHUTZWERK, we understand the challenges involved in implementing RED cybersecurity requirements. Our expert team supports you in evaluating your products, implementing technical safeguards, and conducting conformity assessments to ensure legally compliant and future-ready market entry.
Objective
Support in implementing and maintaining RED compliance through specialized security assessments
Question
How can we effectively meet the requirements of the Radio Equipment Directive?
Scope
Radio-enabled products within the scope of RED requirements
Cybersecurity under RED – a new compliance requirement
The extended RED introduces, for the first time, concrete security requirements for radio-enabled devices as of August 2025. The aim is to establish a consistent level of security for connected products using radio technologies across the EU.
RED requires manufacturers to ensure that their radio products:
- do not harm or disrupt networks,
- protect users’ personal data and privacy,
- cannot be misused for fraudulent purposes.
These requirements significantly impact the design, development, and operation of connected products. Particularly affected are devices with internet access, app connectivity, user accounts, or payment functions. To meet these requirements, manufacturers can refer to the measures defined in the harmonised standards EN 18031-1/2/3. These ensure products meet “Security by Design” and “by Default” principles.
Protection of networks, data, and against fraud
Manufacturers must ensure their products do not negatively impact communication networks, safeguard user privacy, and prevent fraud – especially in devices used for payments or confidential communication. We assist in developing appropriate safeguards and security architecture for your products. For already developed products, we conduct security assessments , such as penetration tests .
Security requirements in the development process
Cybersecurity must now be integrated “by design” into product development processes. SCHUTZWERK provides in-depth threat and risk analyses and technical consulting for implementing secure hardware and software architectures. Our embedded security team specifically analyzes potential vulnerabilities – from in-depth firmware analysis to wireless interfaces.
Conformity assessment and technical documentation
Implementing RED requirements requires a structured conformity assessment – either internally (Module A) or via a notified body. We support you in selecting the appropriate procedure, preparing the CE Declaration of Conformity, and compiling technical documentation in accordance with RED.
Our Services
Threat and Risk Assessment
We develop relevant threat scenarios for your product and assess the resulting risks to derive appropriate security requirements and measures. This includes evaluating the risks of radio products related to network access, data processing, and potential misuse.
Security Architecture
We help design and implement secure architectures that meet RED requirements while supporting efficient development processes.
Secure Development
We guide you in establishing security-focused development processes in line with RED and related standards.
Product Security Assessments
Our comprehensive security assessments help identify vulnerabilities in your products and systems. We provide detailed insights and practical improvement suggestions.
Penetration Testing
Our specialized penetration tests help evaluate the security of your products and identify potential vulnerabilities – with a particular focus on wireless interfaces such as Bluetooth, Wi-Fi, Zigbee, or LTE.
Implementation Approach
Our approach to implementing RED cybersecurity requirements is based on a structured four-step model:
- Product analysis and comparison with the scope of RED and EN 18031
- Technical security assessment and targeted penetration testing
- Consulting on security architecture and safeguards
- Support with conformity assessment, CE documentation, and future CRA strategy
This ensures your product is both legally compliant and securely positioned in the market.
Benefits of Working with SCHUTZWERK
Partnering with SCHUTZWERK offers you:
- Deep understanding of both technical security requirements and regulatory frameworks
- Experience with frameworks such as RED, EN 18031, and CRA
- Practical expertise in implementing product security measures
- Comprehensive testing and evaluation capabilities
- Ongoing support and guidance throughout your compliance journey
- Independent and objective security expertise
Our goal is to make your products not only compliant, but also resilient and trustworthy – ensuring sustainable market access in Europe.