Radio Equipment Directive (RED)

Get to know more about RED cybersecurity requirements

The Radio Equipment Directive 2014/53/EU (RED) establishes a legal framework for radio equipment by laying down essential standards for electromagnetic compatibility, safety, health, and radio spectrum efficiency. Article 3(3) of the Directive is intended to replace requirements for radio-specific equipment, including cybersecurity and common interfaces.The deadline to comply with the new cybersecurity requirements of RED is just around the corner. Article 3 (3) of the Radio Equipment Directive (RED) specifies cybersecurity requirements for radio equipment sold within the EU.

The three essential requirements are:

  • 3(3)(d), to ensure network protection;

  • 3(3)(e), to ensure safeguards for the protection of personal data and privacy;

  • 3(3)(f), to ensure protection from fraud.

The new requirements took effect on February 1, 2022, and will become mandatory on August 1, 2025 according to the latest decision of the European Commision. This gives manufacturers a 42-month transition period. 

There were an estimated 703 million mobile cellular subscriptions in Europe in 2021. 

This represents a penetration rate of 121% of the population

Approximately 9.6 billion Wi-Fi devices were used globally by the end of 2021

This number is higher than the present population of the Earth.

Do you need support to get prepared before the upcoming deadline?

If yes, then you came to the right place. CCLab is ready to help you comply with the existing cybersecurity standards that are likely to be the basis for the future harmonized standards of the RED Delegated Act, such as  IoT cybersecurity standard ETSI EN 303 645. and  ISA/IEC 62443-4-2 standard for Industrial Control System Cybersecurity. Compliance with these relevant standards can help demonstrate conformity with the relevant requirements of the RED.

As both consumer IoT devices and certain types of ICS equipment may fall under the scope of the RED, adherence to relevant cybersecurity standards and practices is essential for compliance. Adhering to these standards can enhance the security, privacy, and reliability of radio equipment and consumer IoT devices, aligning with the objectives of the RED.We provide consultation and testing, services for both Consumer IoT devices and for Industrial IoT components that comply with the RED directive. Either a statement of conformity or certification will be provided as evidence after the successful evaluation.Request a free consultation with one of our experts to find out how your internet-connected products could be affected by RED.

What is  Radio Equipment Directive 2014/53/EU (RED)?

With the emergence of Wi-Fi, Bluetooth, and NFC, more products becoming connected devices and behaving like radio equipment. Radio equipment covers a range of products including devices that intentionally emit and/or receive radio waves for communication, as well as devices that use radio frequencies for an internal function, such as remote control devices.

These products fall under the scope of the RED and must undergo a conformity assessment procedure to ensure that they meet the essential requirements of the directive before they can be placed on the European market. This includes testing and evaluation of the product's compliance based on the relevant harmonized standards and technical specifications.

According to a Communication from the European Commission (EC), a delegated act has been adopted in relation to the Radio Equipment Directive (RED), which sets out various cybersecurity requirements that manufacturers, importers, and distributors must comply with in order to place their wireless products on the EU market. The regulation will enhance cybersecurity, personal data protection, and fraud protection for wireless devices available on the EU market.

This delegated act was adopted by the European Commission (EC) in October 2021 and will enter into force in August 2025.
The EC plans to create new harmonized standards based on the requirements of the new delegated act.
Based on workshops and presentations from the ESOs and commission, the harmonized standards will likely be based on existing IoT cybersecurity standards EN 303 645 and IEC 62443-4-2.

Why RED directive is important?

1.

Because it is a regulatory framework that ensures that radio equipment placed on the European market meets certain safety, health, and environmental protection requirements.

2.

Requires manufacturers to carry out conformity assessments to demonstrate that their products comply with the relevant technical standards and requirements. This process helps to ensure that radio equipment meets minimum safety requirements and reduces the risk of harm to users, third parties, and the environment.

3.

By implementing the RED directive, the European Union aims to harmonize regulations across member states and create a level playing field for manufacturers.

To prepare for the entry into force of the Directive, we recommend taking a look at how these standards may impact your internet-connected product’s design. Contact us to find out what conditions your product must meet in order to comply with the ETSI EN 303 645 or ISA/IEC 62443-4-2 standards.

How does cybersecurity for consumer IoT devices and Industrial Control Systems (ICS) relate to RED?

Consumer IoT and industrial control system (ICS) cybersecurity are related to the RED (Radio Equipment Directive) in addressing security requirements for radio equipment placed on the EU market. While the RED primarily focuses on ensuring safety, electromagnetic compatibility, and efficient use of the radio spectrum, it also emphasizes the importance of security considerations for all types of radio equipment. Both consumer IoT devices and ICS components may fall under the scope of the RED, and adherence to relevant cybersecurity standards and practices is essential for compliance.

Consumer IoT devices cybersecurity - ETSI EN 303 645

ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. It contains a set of 13 security categories and some provisions specifically focused on Data Protection.  The ETSI EN 303 645 standard aims to prepare IoT devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices. It provides a basis for future IoT certification schemes. 

The Radio Equipment Directive (RED) covers a broad range of radio equipment intended for consumer use e.g. smart home devices, wearable devices, home automation devices, and connected healthcare devices.

Consumer IoT manufacturers seeking RED compliance for IoT devices can benefit from following the cybersecurity guidelines provided by ETSI EN 303 645. These guidelines address aspects such as secure development practices, vulnerability management, secure communication, and user privacy.

CCLab provides consultation, and testing services, and issues a statement of conformity after the successful evaluation for Consumer IoT devices based on ETSI EN 303 645.Do you need support to evaluate your consumer IoT device?

CONTACT US

Industrial Control System cybersecurity - ISA/IEC 62443

ISA/IEC 62443 is a globally recognized set of cybersecurity standards designed to safeguard industrial automation and control systems (IACS). These standards provide a comprehensive framework for establishing secure and resilient IACS environments, helping to protect critical infrastructure such as power plants, manufacturing facilities, oil and gas installations, and transportation systems.

The ISA/IEC 62443 series consists of several parts, each focusing on different aspects of industrial cybersecurity. IEC 62443-4-2 outlines the processes and practices that should be followed while developing and implementing IACS components to mitigate cybersecurity risks. It specifies the technical security requirements that manufacturers and developers should consider to ensure the secure design, coding, and testing of their products.

Certain types of ICS equipment that include radio functions or wireless communication capabilities may be subject to RED, e.g. wireless sensors, remote controllers, and wireless communication modules. These radio equipment manufacturers can benefit from following the principles and best practices outlined in ISA/IEC 62443. Adhering to these standards can help in developing secure radio equipment that aligns with the objectives of the RED, particularly with regard to the security and privacy aspect

CCLab is ready to help you to conform and comply with the desired standards and security levels.

CONTACT US

How can CCLab help?

One-stop-shop solution including cybersecurity testing, single FPOC

Semi-automated solutions, followed by automation (in 2023)

Agile project management to maximize efficiency

Global outreach, no language barriers

Quick turnaround time

Participating in industrial working groups

You don’t have enough information about Radio Equipment Cybersecurity?

check our faq

Do you need support for your Radio Equipment Security project?

CONTACT US