Radio Equipment Directive (RED) Compliance

Get to know more about RED cybersecurity requirements
Get a free consult

Companies who chose us

Radio Equipment Directive Overview

The Radio Equipment Directive 2014/53/EU (RED) establishes a legal framework for radio equipment by laying down essential standards for electromagnetic compatibility, safety, health, and radio spectrum efficiency. Article 3(3) of the Directive is intended to replace requirements for radio-specific equipment, including cybersecurity and common interfaces.The deadline to comply with the new cybersecurity requirements of RED is just around the corner. Article 3 (3) of the Radio Equipment Directive (RED) specifies cybersecurity requirements for radio equipment sold within the EU.

Essential Requirements of the RED Directive

  • 3(3)(d), to ensure network protection;

  • 3(3)(e), to ensure safeguards for the protection of personal data and privacy;

  • 3(3)(f), to ensure protection from fraud.

The new requirements took effect on February 1, 2022, and will become mandatory on August 1, 2025 according to the latest decision of the European Commision. This gives manufacturers a 42-month transition period. 

Red Directive's Impact on IoT Security

There were an estimated 703 million mobile cellular subscriptions in Europe in 2021. 

This represents a penetration rate of 121% of the population

Approximately 9.6 billion Wi-Fi devices were used globally by the end of 2021

This number is higher than the present population of the Earth.

Are you prepared for the upcoming RED cybersecurity requirements?

Get professional support and get prepared before the upcoming deadline!

CCLab is ready to help you comply with the existing cybersecurity standards that are likely to be the basis for the future harmonized standards of the RED Delegated Act, such as  IoT cybersecurity standard ETSI EN 303 645. and  ISA/IEC 62443-4-2 standard for IIoT Industrial Control System Cybersecurity. Compliance with these relevant standards can help demonstrate conformity with the relevant requirements of the RED.

As both consumer IoT devices and certain types of ICS equipment may fall under the scope of the RED, adherence to relevant cybersecurity standards and practices is essential for compliance. Adhering to these standards can enhance the security, privacy, and reliability of radio equipment and consumer IoT devices, aligning with the objectives of the RED.We provide consultation and testing, services for both Consumer IoT devices and for Industrial IoT components that comply with the RED directive. Either a statement of conformity or certification will be provided as evidence after the successful evaluation.Request a free consultation with one of our experts to find out how your internet-connected products could be affected by RED.

The definitive guide to crafting Compliant IoT Devices and high-quality developer documentation for ETSI EN 303 645 Certification

Facing challenges?

Are you finding it difficult to navigate the complexities of ETSI EN 303 645 for securing your IoT devices?

Wondering if your existing product documentation meets the stringent standards set out by this cybersecurity benchmark?

Do you feel that meeting ETSI's security requirements is an intricate and overwhelming task?

Whether you're gearing up for your first dive into the Internet of Things (IoT) security certification, or you're looking to refine your approach to compliance with ETSI EN 303 645 without unnecessary expenditure of time and resources,

This course is your key to unlocking simplicity in compliance.

Enroll now

Understanding Radio Equipment Directive 2014/53/EU (RED)?

With the emergence of Wi-Fi, Bluetooth, and NFC, more products becoming connected devices and behaving like radio equipment. Radio equipment covers a range of products including devices that intentionally emit and/or receive radio waves for communication, as well as devices that use radio frequencies for an internal function, such as remote control devices.

These products fall under the scope of the RED and must undergo a conformity assessment procedure to ensure that they meet the essential requirements of the directive before they can be placed on the European market. This includes testing and evaluation of the product's compliance based on the relevant harmonized standards and technical specifications.

According to a Communication from the European Commission (EC), a delegated act has been adopted in relation to the Radio Equipment Directive (RED), which sets out various cybersecurity requirements that manufacturers, importers, and distributors must comply with in order to place their wireless products on the EU market. The regulation will enhance cybersecurity, personal data protection, and fraud protection for wireless devices available on the EU market.

This delegated act was adopted by the European Commission (EC) in October 2021 and will enter into force in August 2025.
The EC plans to create new harmonized standards based on the requirements of the new delegated act.
Based on workshops and presentations from the ESOs and commission, the harmonized standards will likely be based on existing IoT cybersecurity standards EN 303 645 and IEC 62443-4-2.

Why is the RED directive important?


Regulatory Framework

Ensures radio equipment meets safety, health, and environmental protection requirements in the European market


Conformity Assessments

Requires manufacturers to demonstrate compliance with technical standards, reducing risks and ensuring safety.



Aims to harmonize regulations across member states, creating a level playing field for manufacturers.

Prepare Your Product for RED Compliance

Get your product ready for RED compliance by understanding the ETSI EN 303 645 or ISA/IEC 62443-4-2 standards and conditions. Contact us for guidance.

Cybersecurity for Consumer IoT Devices and ICS Components in RED

How does cybersecurity for consumer IoT devices
and Industrial Control Systems (ICS) components relate to RED?

Consumer IoT and industrial control system (ICS) cybersecurity are related to the RED (Radio Equipment Directive) in addressing security requirements for radio equipment placed on the EU market. While the RED primarily focuses on ensuring safety, electromagnetic compatibility, and efficient use of the radio spectrum, it also emphasizes the importance of security considerations for all types of radio equipment. Both consumer IoT devices and ICS components may fall under the scope of the RED, and adherence to relevant cybersecurity standards and practices is essential for compliance.

Consumer IoT devices cybersecurity - ETSI EN 303 645

ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. It contains a set of 13 security categories and some provisions specifically focused on Data Protection.  The ETSI EN 303 645 standard aims to prepare IoT devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices. It provides a basis for future IoT certification schemes. 

The Radio Equipment Directive (RED) covers a broad range of radio equipment intended for consumer use e.g. smart home devices, wearable devices, home automation devices, and connected healthcare devices.

Consumer IoT manufacturers seeking RED compliance for IoT devices can benefit from following the cybersecurity guidelines provided by ETSI EN 303 645. These guidelines address aspects such as secure development practices, vulnerability management, secure communication, and user privacy.

CCLab provides consultation, and testing services, and issues a statement of conformity after the successful evaluation for Consumer IoT devices based on ETSI EN 303 645.Do you need support to evaluate your consumer IoT device?


Industrial Control System cybersecurity - ISA/IEC 62443

ISA/IEC 62443 is a globally recognized set of cybersecurity standards designed to safeguard industrial automation and control systems (IACS). These standards provide a comprehensive framework for establishing secure and resilient IACS environments, helping to protect critical infrastructure such as power plants, manufacturing facilities, oil and gas installations, and transportation systems.

The ISA/IEC 62443 series consists of several parts, each focusing on different aspects of industrial cybersecurity. IEC 62443-4-2 outlines the processes and practices that should be followed while developing and implementing IACS components to mitigate cybersecurity risks. It specifies the technical security requirements that manufacturers and developers should consider to ensure the secure design, coding, and testing of their products.

Certain types of ICS equipment that include radio functions or wireless communication capabilities may be subject to RED, e.g. wireless sensors, remote controllers, and wireless communication modules. These radio equipment manufacturers can benefit from following the principles and best practices outlined in ISA/IEC 62443. Adhering to these standards can help in developing secure radio equipment that aligns with the objectives of the RED, particularly with regard to the security and privacy aspect

CCLab is ready to help you to conform and comply with the desired standards and security levels.


How can CCLab help

One-stop-shop solution including cybersecurity testing, single FPOC

Semi-automated solutions, followed by automation (in 2024)

Agile project management to maximize efficiency

Global outreach, no language barriers

Quick turnaround time

Participating in industrial working groups

Check Our FAQ for More Information

Do you have questions about Radio Equipment Cybersecurity and RED compliance? Explore our FAQ for answers.

check our faq

Contact Us for Radio Equipment Security Support

Need assistance with your Radio Equipment Security project? Reach out to us for expert guidance.



Kenneth Lasoski

Kenneth Lasoski

Versa Networks

Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.

Thierry Bonda

Thierry Bonda


CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.

Jake Nelson

Jake Nelson

Corsec Security Inc.

The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.

Alexander Testov

Alexander Testov

AO Kaspersky Lab.

"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."

Dayton Marcucci

Dayton Marcucci

HID Global

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.

Jaime Chica

Jaime Chica

NXP Semiconductors

It was a well-managed project which achieved success in an effortless manner.

Kalev Pihl

Kalev Pihl

SK ID Solutions

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Israr Ahmed

Israr Ahmed

Ascertia Ltd.

On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.

Zsolt Rózsahegyi

Zsolt Rózsahegyi

I4P Informatics Ltd.

Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.