Devices connected to the internet must meet safety and health requirements set in the Radio Equipment Directive (RED). Some examples of such products are smart TVs, smart lighting systems, baby monitors, smart household appliances, robot vacuums, smartphones, smartwatches, and many more. Since recently, this Directive includes additional aspects to ensure a certain level of protection against cyber-attacks. Almost as old as the internet, cyber-attacks are unauthorised attempts to gain access to data with the aim of stealing, disrupting, altering, or destroying information.
RED to include new requirements for the protection of personal data
Over the past years, concerns related to data protection have been increasing following the broad use of wireless devices by consumers, professionals, and also children. In January 2022, the European Union introduced with the Commission Delegated Regulation (EU) 2022/30 new provisions for every wireless device to guarantee network security and safeguard personal data and privacy protection. This includes the protection of stored information such as pictures, videos, payment details, localisation data as well as data related to experiences, habits, and any other personal information.
Initially planned for August 2024, the new requirements will now apply from August 2025 and become mandatory for every internet-enabled device sold in the European Union, whether manufactured in the EU or not.
Notified bodies supporting cyber security assessments
To meet the new regulatory requirements of 2025, manufacturers of wireless devices have two possibilities to demonstrate conformity. They can either apply harmonised standards, which will probably be published around June 2024, or rely on notified bodies.
Notified bodies are third-party bodies that assess the conformity of products for the EU market. Under the Radio Equipment Directive, the involvement of a notified body is voluntary if the manufacturer can test and assess the products independently. However, manufacturers, brand owners, and other companies can demonstrate the cyber security of their wireless products with a voluntary certification. The European Commission website NANDO lists all accredited notified bodies under the RED legislation.
Electronics manufacturers, including manufacturers of wireless devices, must meet several health and safety requirements if they want to sell on the European market. An authorised representative for your products will assist you in complying with the relevant regulations and allow you to place your products on the EU market safely.
SGS (2023) Radio Equipment Directive (RED) Delegated Act for Cybersecurity Officially Postponed to 2025: What Does it Mean? Retrieved on 05.09.2023.
TÜV SÜD (2023) Testing the cyber security of wireless devices for the EU market. Retrieved on 05.09.2023.
European Commission (2022) Commission Delegated Regulation (EU) 2022/30 of 29 October 2021 supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of that Directive. Retrieved on 05.09.2023.