RED Cybersecurity Requirements
FOR CONSUMER IoT DEVICES

NAVIGATING THE RED CYBERSECURITY REQUIREMENTS

Time is ticking for manufacturers to make sure their devices comply with the Radio Equipment Directive (RED) cybersecurity requirements before the August 1st, 2025 deadline. If manufacturers do not achieve compliance with RED before August 1st, 2025, they will be forced to take their non-compliant products off the shelves, leading to potential market disruptions and financial losses. With the typical turnaround time for the RED compliance process ranging from 6 to 9 months, it is crucial to start preparing now to avoid these consequences.

The European Commission has announced that the application of the Radio Equipment Directive (RED) cybersecurity requirements will be extended to August 1st, 2025. This means that any devices in the scope of the RED Delegated Act will need to be compliant when placed into the European market after August 1, 2025.

At Bureau Veritas, we understand the challenges and complexities of meeting these evolving cybersecurity standards. Our comprehensive compliance solutions are designed to help you navigate the regulatory landscape and prepare your devices for the upcoming RED requirements.

As a leading provider of testing, inspection, and certification services, Bureau Veritas offers a comprehensive range of solutions to help you meet the RED cybersecurity requirements:

1. Gap Analysis and Consultation
· Our specialists review your product design, documentation, and processes to identify potential gaps and areas for improvement.
· We provide detailed recommendations and guidance to align your devices with the RED cybersecurity provisions.

2. Testing and Validation
· Our state-of-the-art laboratories are equipped to perform rigorous testing and validation of your IoT devices against the RED requirements.
· We assess various aspects, such as secure communication, data protection, software updates, and resilience against cyber threats.
· Additional testing areas include:

· Password complexity: We evaluate the strength and robustness of password requirements for your IoT devices.
· Communication channel traffic (Radio Test): Our experts conduct thorough radio testing to ensure secure communication channels and protect against unauthorized access.
· Interface security: We assess the security of all interfaces to identify and address potential vulnerabilities.
· PCB security: Our team examines the physical security of printed circuit boards (PCBs) to prevent tampering and unauthorized modifications.

3. Certification and Regulatory Support
· Bureau Veritas is accredited to provide certification services for the RED, ensuring your devices meet the necessary cybersecurity standards.
· Our team stays up-to-date with the latest regulatory developments and can guide you through the certification process, helping you achieve compliance efficiently.

The RED cybersecurity requirements apply to a wide range of consumer IoT devices that use radio technology for communication over the internet. Some examples of devices that fall under the scope of these regulations include:

1. Communication Devices 
· Mobile phones
· Tablets
· Electronic cameras
· Telecommunication equipment

2 IoT-Connected Devices 
· Smart home appliances (e.g., refrigerators, thermostats, lighting systems)
· Connected toys and childcare equipment (e.g., baby monitors)
· Wearable devices (e.g., smartwatches, fitness trackers)
· Connected industrial devices

3. Other Radio Equipment
· Wireless routers and access points
· Bluetooth devices
· Wi-Fi enabled products