There were an estimated 703 million mobile cellular subscriptions in Europe in 2021. 

This represents a penetration rate of 121% of the population

Approximately 9.6 billion Wi-Fi devices were used globally by the end of 2021

This number is higher than the present population of the Earth.

Understanding Radio Equipment Directive 2014/53/EU (RED)?

With the emergence of Wi-Fi, Bluetooth, and NFC, more products becoming internet-connected devices and behaving like radio equipment that are used in several fields of our life. Radio equipment covers a range of products, including devices that intentionally emit and/or receive radio waves for communication, such as mobile phones, smart devices, and Wi-Fi routers, as well as devices that use radio frequencies for remote control functions, such as garage door openers and remote-controlled toys.These products fall under the scope of the RED and must undergo a conformity assessment procedure to ensure that they meet the essential requirements of the directive before they can be placed on the European market. The RED provides several options for manufacturers to demonstrate their products meet EU requirements:
‍1. Internal Production Control (Module A): this method allows manufacturers to assess their products internally, provided that they have the necessary competence and capabilities to evaluate equipment and its documentation.If the manufacturer does not have the competency for conformity assessment, has not applied the harmonized standards, or if there are no harmonized standards for the given essential requirements, then the manufacturer shall select one of the following options:
‍2. EU-Type Examination (Module B) + Conformity to Type (Module C): First stage (module B): this approach requires an independent assessment by a Notified Body. The Notified Body examines the technical design of the radio equipment and verifies that it meets the essential requirements. This means the manufacturer must create detailed technical documentation demonstrating compliance with the product design and production capabilities. Although the Notified Body examines only the relevant documents, this documentation must include test reports covering the various aspects of the RED essential requirements. If the manufacturer lacks the competence to perform the necessary tests, a competent testing laboratory can be engaged. After a positive result from the EU-Type Examination, the Notified Body issues the certificate.
The Second stage (module C):
Next, the manufacturer must ensure ongoing compliance through internal production controls.
‍3. Full Quality Assurance (Module H):
‍For this option, the manufacturer implements a comprehensive quality management system, which is then assessed and approved by a Notified Body. This ensures that the production processes consistently produce compliant products, providing the highest level of assurance.
Ultimately, the manufacturer is responsible for the compliance of its product, regardless of whether a Notified Body was involved in the conformity assessment procedure or not.

After the successful conformity assessments, the manufacturer must complete the technical documentation (including the certificate issued by the Notified Body, if necessary) and draw up the Declaration of Conformity. Only after these steps can the CE Marking be affixed to the product, allowing it to be placed on the EU market.
To better understand the above conformity assessment options, it's important to know about the relevance of the harmonized status of a European standard. A European standard, issued by CEN, CENELEC, or ETSI, becomes harmonized when it is listed in the Official Journal of the European Union under the given directive or regulation. A harmonized standard is prepared to address appropriate provisions for the essential requirements. That is why if a product complies with all applicable harmonized standards, it is presumed to comply with the essential requirements set out in the directive.The harmonized standards under RED can be checked on the EU website.
The Delegated Regulation (EU) 2022/30 was adopted by the European Commission (EC) in October 2021 and will enter into force in August 2025. This act specifies that internet-connected radio equipment shall comply with the cybersecurity-related essential requirements as well.
Currently, there is no harmonized standard to cover the cybersecurity aspects of essential requirements of the Radio Equipment Directive. However, the standard ETSI EN 303 645 has been widely accepted by the industry and is also used as the state of the art by notified bodies for conformity assessment of consumer IoT devices. EU Commission mandated CEN and CENELEC to prepare harmonized standards EN 18031-1, EN 18031-2, and EN 18031-3 that will cover the new cybersecurity requirements for the Radio Equipment Directive. These measures address various aspects of cybersecurity in the EU to ensure that radio equipment is secure, reliable, and compatible across different EU member states. If there is no harmonized standard for the cybersecurity aspects of RED essential requirements, the manufacturer shall apply for Notified Body certification.
The planned standard series EN 18031 will apply to internet-connected radio equipment. When the standard is selected for the designing of a product and the conformity assessment, it’s important to carefully verify the scope of the standards to check their applicability. Depending on the intended use, and the purpose of the product, different standards may be applicable for consumer IoT devices and industrial control systems and components. In the latter case the standard series IEC 62443 should be used.