Understanding the Radio Equipment Directive delegated acts 3(3)def: What manufacturers need to know
The Radio Equipment Directive (RED) is a crucial piece of legislation that governs the security and safety of radio equipment sold in the European Union. With the recent developments in cybersecurity requirements 3(3)def under RED, manufacturers and importers must be aware of the new requirements that start applying on August 1, 2025. This article explores the key aspects of the RED delegated acts 3(3)def, the new security requirements for internet-connectable devices, and how manufacturers can ensure conformity to remain competitive in the EU market.
Key changes under the Radio Equipment Directive
Starting August 1, 2025, the RED delegated acts 3(3)def will apply to most directly or indirectly internet-connectable radio equipment, including Internet of Things (IoT) devices, machinery, and equipment that have a radio interface. This delegated act introduces new cybersecurity requirements that also affect non-internet-connectable radio equipment, particularly those used in toys, childcare products, and wearables that process personal or location data. It also applies on internet-conneced radio equipment that enable monetary transactions
Implications for manufacturers and importers
Manufacturers and importers of affected radio equipment must cease sales or placingement of today’s products on the EU market, if these products do not conform with applicable new cybersecurity requirements of RED 3(3)def.
Most of today’s radio equipment are affected, as they do not as such conform with applicable cyber security requirements. Gaps in mandatory security mechanisms, design documents and testing reports require some degree of redesign of the radio equipment.
Businesses that fail to redesign their radio equipment in time are in risk of loosing market share to competitors with conforming products. Continuing the sales of non-conforming radio equipment in EU entails a big financial, legal and reputational risk due to market surveillance and recalls.
Redesigning for compliance
To enable supply of affected radio equipment products to EU based on a self-declaration of conformity, manufacturers must redesign their radio equipment according to the EN 18031 series standards.
The conformity assessment process involving a RED Notified Body further enables conformity using e.g. IEC 62443-4-series and ETSI 303 645 standards.
The redesign process starts with gaining a comprehensive understanding of security requirements that are applicable to the radio equipment.
Benefits of compliance
By creating conforming radio equipment, manufacturers can in 2025-2027.
1. Protect and grow market share: Maintain the supply of conforming products in the EU market.
2. Protect and grow revenues: Safeguard sales revenues with existing customers with RED 3(3)def conforming products. Increase prices if lack of competition allows for it.
3. Gain competitive advantage: Capture market share from competitors who fail to meet compliance standards.
How Etteplan can assist
Etteplan offers valuable support for research and development teams in navigating the complexities of the EN 18031 standards. Our services include:
- Specifying Security Requirements: We help define the applicable security requirements for your radio equipment and identifying the gap.
- Design, Implementation and Verification: Our team can assist in planning, implementing, and verifying necessary hardware and software design changes, ensuring your radio equipment conforms with EN 18031, IEC 62443-4 or ETSI 303 645 requirements.
- Documentation and Technical Files: We support you in compiling the technical file and provide assistance during in the RED conformity assessment process.
By collaborating with Etteplan, device and machinery manufacturers can leverage a wide range of expertise in embedded systems, cloud solutions, product security, and compliance. Our ISO 27001 certified Information Security Management System (ISMS) and IEC 62443-4-1 conforming Secure Product Development Lifecycle (SPDL) process facilitate the creation of secure-by-design products and digital services.
Conclusion
Radio Equipment Directive delegated acts 3(3)def presents both challenges and opportunities for manufacturers of wireless IoT devices on the EU market. As the deadline 1.8.2025 is soon here, it is crucial for companies to take proactive steps to redesign their products in compliance with the new regulations.
Don’t wait until it’s too late—start the redesign of your wirelessly connected products today! Etteplan is here to support you through this transition, ensuring that your products meet the necessary cybersecurity requirements while maintaining your competitive edge in the market. Radio Equipment Directive 3(3)def is just the first step – Cyber Resilience Act will bring additional security requirements in end of 2027. Reach out to us for assistance in navigating the complexities of the Radio Equipment Directive and safeguarding your business's future.
Ask our expert a question
Sales Director
Mandatory field
When you submit this form, our specialist will be in touch with you by email or telephone. By submitting the form you accept our privacy statement.