
Understanding the Radio Equipment Directive delegated acts 3(3)def: What manufacturers need to know

The Radio Equipment Directive (RED) is a crucial piece of legislation that governs the security and safety of radio equipment sold in the European Union. With the recent developments in cybersecurity requirements 3(3)def under RED, manufacturers and importers must be aware of the new requirements that start applying on August 1, 2025. This article explores the key aspects of the RED delegated acts 3(3)def, the new security requirements for internet-connectable devices, and how manufacturers can ensure conformity to remain competitive in the EU market.

Key changes under the Radio Equipment Directive

Starting August 1, 2025, the RED delegated acts 3(3)def will apply to most directly or indirectly internet-connectable radio equipment, including Internet of Things (IoT) devices, machinery, and equipment that have a radio interface. This delegated act introduces new cybersecurity requirements that also affect non-internet-connectable radio equipment, particularly those used in toys, childcare products, and wearables that process personal or location data. It also applies to internet-connected radio equipment that enables monetary transactions.

Implications for manufacturers and importers

Manufacturers and importers of affected radio equipment must cease selling or placing today's products on the EU market if these products do not conform with the applicable new cybersecurity requirements of RED 3(3)def.

Most of today's radio equipment is affected, as it does not as such conform with the applicable cybersecurity requirements. Gaps in mandatory security mechanisms, design documents and testing reports require some degree of redesign of the radio equipment.

Businesses that fail to redesign their radio equipment in time are at risk of losing market share to competitors with conforming products. Continuing the sales of non-conforming radio equipment in the EU entails a big financial, legal and reputational risk due to market surveillance and recalls.

Redesigning for compliance

To enable the supply of affected radio equipment products to the EU based on a self-declaration of conformity, manufacturers must redesign their radio equipment according to the EN 18031 series standards.

The conformity assessment process involving a RED Notified Body further enables conformity using e.g. IEC 62443-4-series and ETSI 303 645 standards.

The redesign process starts with gaining a comprehensive understanding of security requirements that are applicable to the radio equipment.

Benefits of compliance

By creating conforming radio equipment, manufacturers can, in 2025-2027:

1. Protect and grow market share: Maintain the supply of conforming products in the EU market.

2. Protect and grow revenues: Safeguard sales revenues with existing customers with RED 3(3)def conforming products. Increase prices if lack of competition allows for it.

3. Gain competitive advantage: Capture market share from competitors who fail to meet compliance standards.

How Etteplan can assist

Etteplan offers valuable support for research and development teams in navigating the complexities of the EN 18031 standards. Our services include:

  • Specifying Security Requirements: We help define the applicable security requirements for your radio equipment and identify the gap.
  • Design, Implementation and Verification: Our team can assist in planning, implementing, and verifying necessary hardware and software design changes, ensuring your radio equipment conforms with EN 18031, IEC 62443-4 or ETSI 303 645 requirements.
  • Documentation and Technical Files: We support you in compiling the technical file and provide assistance during the RED conformity assessment process.

By collaborating with Etteplan, device and machinery manufacturers can leverage a wide range of expertise in embedded systems, cloud solutions, product security, and compliance. Our ISO 27001 certified Information Security Management System (ISMS) and IEC 62443-4-1 conforming Secure Product Development Lifecycle (SPDL) process facilitate the creation of secure-by-design products and digital services.

Conclusion

The Radio Equipment Directive delegated acts 3(3)def present both challenges and opportunities for manufacturers of wireless IoT devices on the EU market. As the deadline 1.8.2025 is soon here, it is crucial for companies to take proactive steps to redesign their products in compliance with the new regulations.

Don’t wait until it’s too late: start the redesign of your wirelessly connected products today! Etteplan is here to support you through this transition, ensuring that your products meet the necessary cybersecurity requirements while maintaining your competitive edge in the market. Radio Equipment Directive 3(3)def is just the first step: the Cyber Resilience Act will bring additional security requirements at the end of 2027. Reach out to us for assistance in navigating the complexities of the Radio Equipment Directive and safeguarding your business's future.
