Upcoming changes in the RED certification in Europe

Delegated Act (EU) 2022/30 supplements the Radio Equipment Directive (RED) 2014/53/EU as regards the implementation of essential cybersecurity requirements in Article 3.3(d), (e), (f)

 

Scope of RED DA

The aim of RED DA (Radio Equipment Directive Delegated Act) is to improve the security and protection of personal data of users of internet-connected radio equipment, so as to prevent fraud and misuse.

The law applies to any radio equipment that can communicate autonomously over the internet, directly or through other equipment.

In addition to the basic requirements already included in RED (2014/53/EU), the delegated act introduces some specific requirements:

• Protection of personal data by equipment designed for that purpose. In this regard, users must be clearly and transparently informed about how their personal data is collected, used and stored.
• Network security and resilience of radio equipment against cyberattacks.
• Preventing fraud, such as fraudulent identification.

What to expect from the entry into force of RED DA

The RED DA de facto entered into force in the European Union on 12 January 2022. It was initially planned to be implemented in August 2024 for specific articles related to cybersecurity (3.3(d), (e), (f)). However, this date was postponed to 1 August 2025 due to the ongoing development of harmonised standards needed for compliance.

As a result, some aspects of RED DA are active from 2022, but cybersecurity requirements for specific categories of radio equipment will not become mandatory until August 2025.

The delegated act will have a major impact on manufacturers of network-connected radio equipment, requiring them to redesign their products to meet the new requirements.

This step is crucial to increase security and protect user data.

 

The full text of the directive can be downloaded here: https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj