The Radio Equipment Directive 2014/53/EU (RED) establishes a legal framework for radio equipment by laying down essential standards for electromagnetic compatibility, safety, health, and radio spectrum efficiency. Article 3(3) of the Directive is intended to replace requirements for radio-specific equipment, including cybersecurity and common interfaces.The deadline to comply with the new cybersecurity requirements of RED is just around the corner. Article 3 (3) of the Radio Equipment Directive (RED) specifies cybersecurity requirements for radio equipment sold within the EU.
3(3)(d), to ensure network protection;
3(3)(e), to ensure safeguards for the protection of personal data and privacy;
3(3)(f), to ensure protection from fraud.
The new requirements took effect on February 1, 2022, and will become mandatory on August 1, 2025 according to the latest decision of the European Commision. This gives manufacturers a 42-month transition period.
This represents a penetration rate of 121% of the population
This number is higher than the present population of the Earth.
Get professional support and get prepared before the upcoming deadline!
CCLab is ready to help you comply with the existing cybersecurity standards that are likely to be the basis for the future harmonized standards of the RED Delegated Act, such as IoT cybersecurity standard ETSI EN 303 645. and ISA/IEC 62443-4-2 standard for IIoT Industrial Control System Cybersecurity. Compliance with these relevant standards can help demonstrate conformity with the relevant requirements of the RED.
As both consumer IoT devices and certain types of ICS equipment may fall under the scope of the RED, adherence to relevant cybersecurity standards and practices is essential for compliance. Adhering to these standards can enhance the security, privacy, and reliability of radio equipment and consumer IoT devices, aligning with the objectives of the RED.We provide consultation and testing, services for both Consumer IoT devices and for Industrial IoT components that comply with the RED directive. Either a statement of conformity or certification will be provided as evidence after the successful evaluation.Request a free consultation with one of our experts to find out how your internet-connected products could be affected by RED.
With the emergence of Wi-Fi, Bluetooth, and NFC, more products becoming connected devices and behaving like radio equipment. Radio equipment covers a range of products including devices that intentionally emit and/or receive radio waves for communication, as well as devices that use radio frequencies for an internal function, such as remote control devices.
These products fall under the scope of the RED and must undergo a conformity assessment procedure to ensure that they meet the essential requirements of the directive before they can be placed on the European market. This includes testing and evaluation of the product's compliance based on the relevant harmonized standards and technical specifications.
According to a Communication from the European Commission (EC), a delegated act has been adopted in relation to the Radio Equipment Directive (RED), which sets out various cybersecurity requirements that manufacturers, importers, and distributors must comply with in order to place their wireless products on the EU market. The regulation will enhance cybersecurity, personal data protection, and fraud protection for wireless devices available on the EU market.
This delegated act was adopted by the European Commission (EC) in October 2021 and will enter into force in August 2025.
The EC plans to create new harmonized standards based on the requirements of the new delegated act.
Based on workshops and presentations from the ESOs and commission, the harmonized standards will likely be based on existing IoT cybersecurity standards EN 303 645 and IEC 62443-4-2.
Get your product ready for RED compliance by understanding the ETSI EN 303 645 or ISA/IEC 62443-4-2 standards and conditions. Contact us for guidance.
ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. It contains a set of 13 security categories and some provisions specifically focused on Data Protection. The ETSI EN 303 645 standard aims to prepare IoT devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices. It provides a basis for future IoT certification schemes.
The Radio Equipment Directive (RED) covers a broad range of radio equipment intended for consumer use e.g. smart home devices, wearable devices, home automation devices, and connected healthcare devices.
Consumer IoT manufacturers seeking RED compliance for IoT devices can benefit from following the cybersecurity guidelines provided by ETSI EN 303 645. These guidelines address aspects such as secure development practices, vulnerability management, secure communication, and user privacy.
CCLab provides consultation, and testing services, and issues a statement of conformity after the successful evaluation for Consumer IoT devices based on ETSI EN 303 645.Do you need support to evaluate your consumer IoT device?
ISA/IEC 62443 is a globally recognized set of cybersecurity standards designed to safeguard industrial automation and control systems (IACS). These standards provide a comprehensive framework for establishing secure and resilient IACS environments, helping to protect critical infrastructure such as power plants, manufacturing facilities, oil and gas installations, and transportation systems.
The ISA/IEC 62443 series consists of several parts, each focusing on different aspects of industrial cybersecurity. IEC 62443-4-2 outlines the processes and practices that should be followed while developing and implementing IACS components to mitigate cybersecurity risks. It specifies the technical security requirements that manufacturers and developers should consider to ensure the secure design, coding, and testing of their products.
Certain types of ICS equipment that include radio functions or wireless communication capabilities may be subject to RED, e.g. wireless sensors, remote controllers, and wireless communication modules. These radio equipment manufacturers can benefit from following the principles and best practices outlined in ISA/IEC 62443. Adhering to these standards can help in developing secure radio equipment that aligns with the objectives of the RED, particularly with regard to the security and privacy aspect
CCLab is ready to help you to conform and comply with the desired standards and security levels.
Do you have questions about Radio Equipment Cybersecurity and RED compliance? Explore our FAQ for answers.
Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.
CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.
The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.
"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."
The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.
It was a well-managed project which achieved success in an effortless manner.
We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.
On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.