The Radio Equipment Directive 2014/53/EU has been postponed to 2025 by the European Union (EU). This extension aims to accommodate the extensive product coverage and provide adequate preparation time for manufacturers. Consequently, the enforcement date has been rescheduled to August 1, 2025.
The "Radio Equipment Directive 2014/53/EU (RED)" has been approved by the European Commission. It has established a regulatory framework for the radio equipment market, emphasizing essential requirements for health, safety, electromagnetic compatibility (EMC), and efficient radio spectrum utilization. The directive's Article 3(3) provides specific device standards for radio equipment, including everything from common interfaces to network security.
The European Union formally issued the delegated rule 2022/30/EU on January 12, 2022, mandating compliance with RED Article 3.3(d), (e), and (f) regarding network security requirements. This regulation requires network security, personal data privacy, and fraud protection for applicable wireless devices sold in the EU market. The original implementation date has been pushed back by one year to August 1, 2025, giving manufacturers a 42-month transition period. This extension aims to accommodate the extensive product coverage and provide adequate preparation time for manufacturers. Consequently, the enforcement date has been rescheduled to August 1, 2025. The implementation of this extension awaits the official release and effectuation of RED OJ.
Within Article 3(3) of the RED directive, the following key points are highlighted: |
|
Article 3(3), point (d): Demanding improved network protection capabilities, manufacturers must incorporate network security features to prevent disruption of communication networks, websites, or services. |
|
Article 3(3), point (e): Strengthening the safeguarding of personal data privacy, manufacturers must implement protective measures to prevent unauthorized access to or transmission of consumer personal data. |
|
Article 3(3), point (f): Reducing the risk of financial fraud, manufacturers must provide enhanced user authorization mechanisms for electronic payments/digital transactions |
While certain device types, such as automotive and aviation equipment, are exempt from regulatory compliance, most wireless devices with internet connectivity, including mobile phones, laptops, and wearable devices, fall within the scope of this directive.
Currently, the standards for these network security requirements are still being developed. Based on the information released by the European Union, future standards will draw upon existing network security standards EN 303 645 and IEC 62443-4-2.
How to adhere to the latest RED cybersecurity regulations and seize the IoT supply chain market in the EU?
Enterprises must plan to ensure the fulfillment of these regulatory requirements and expectations. Bureau Veritas will fully assist clients in enhancing their products' network security and obtaining the certification.
Bureau Veritas is a global leader in TIC services, offering holistic solutions to clients worldwide. We specialize in supporting manufacturers to comply with EN 303 645 and IEC-62443 standards, obtaining certifications for network security. Our specialists assist in various areas such as Industrial Control Systems (ICS), Industrial Internet of Things (IIoT), 5G, and the Internet of Things (IoT), enabling clients to implement robust security measures. Through thorough assessments, we enhance network security resilience and mitigate risks, facilitating quicker market access and enhancing competitiveness. At Bureau Veritas, we prioritize providing reliable services for network security, empowering businesses to thrive in the dynamic digital landscape.
Stay connected with us!
Receive our Technology Newsletters and free webinars updates.
Subscribe Now