The cybersecurity requirements of the EU Radio Equipment Directive (RED) will take effect in August 2025.
EU Radio Equipment Directive (RED) 2014/53/EU
The EU Radio Equipment Directive (RED) 2014/53/EU regulates the safety, health protection, electromagnetic compatibility, and effective use of radio equipment to ensure that devices on the market meet standards. Key cybersecurity requirements include:
- Article 3.3(d): Ensures that radio equipment does not harm networks or their functionality and does not misuse network resources, preventing service degradation. This includes:
- Monitoring and controlling network traffic
- Mitigating the effects of denial-of-service attacks
- Implementing authentication and access control mechanisms
- Article 3.3(e): Protects personal data and privacy. This applies to devices processing personal data, traffic data, or location data. Requirements include:
- Protecting data from unauthorized processing
- Providing automatic and secure software or firmware update mechanisms
- Article 3.3(f): Prevents fraud. This applies to devices supporting payment transactions. Requirements include:
- Preventing unauthorized transactions
- Protecting users from fraudulent activities
These cybersecurity requirements aim to address growing network threats and safeguard the security and privacy of radio equipment users.
The One cybersecurity testing laboratory offers testing services for IoT products based on ETSI EN 303 645 and ETSI TS 103 645. These services meet the cybersecurity testing requirements of the RED, providing robust support for your products entering the EU market.