Radio Equipment Directive – Cybersecurity Requirements
Cybersecurity is a critical aspect of the Radio Equipment Directive (RED), and as such, there are specific cybersecurity requirements that must be met by manufacturers of radio equipment. Article 3 (3) of the Radio Equipment Directive specifies cybersecurity requirements for radio equipment sold within the EU. The three essential requirements are:
- 3(3)(d), to ensure network protection;
- 3(3)(e), to ensure safeguards for the protection of personal data and privacy;
- 3(3)(f), to ensure protection from fraud.
The importance of cybersecurity requirements for the Radio Equipment Directive (RED) cannot be overstated, as they play a crucial role in ensuring the safety, security, and privacy of users of radio equipment within the European Union (EU). Here are some of the reasons why cybersecurity requirements are essential for the RED:
- Protection against cyber threats: Radio equipment is vulnerable to cyber threats, such as hacking, malware, and other cyberattacks. Having cybersecurity requirements for the RED help to ensure that radio equipment is designed and manufactured in such a way that it can resist cyber threats, and protect the confidentiality, integrity, and availability of data transmitted and received by the equipment.
- Compliance with regulations: Compliance with cybersecurity requirements is mandatory for manufacturers of radio equipment before placing their products on the market or putting them into service. Failure to comply with these requirements can result in severe penalties and damage to a company's reputation.
- Ensuring interoperability: Cybersecurity requirements for the RED help to ensure that radio equipment is designed and manufactured in such a way that it is interoperable with other devices and systems. This ensures that radio equipment can work seamlessly with other devices and systems, without compromising the security and privacy of users.
- Protecting personal data: Radio equipment may transmit and receive personal data, and as such, it is essential to ensure that this data is protected against unauthorized access and theft.
Download our new fact sheet to learn more about EN 18031 and RED Cybersecurity Requirements, which products are impacted, and what steps you should take today in order to make sure your products comply.
The new requirements took effect in February 2022, but do not become mandatory until August 1, 2025. Although there are some exceptions for otherwise regulated categories of devices, the delegated act applies to most direct and indirect Internet-connected radio equipment, childcare products, toys, and personal wearable data collection equipment.
Although harmonized standards for the cybersecurity requirements do not yet exist, many of our customers are engaging early with Intertek in preparation for these mandatory requirements. Our customers are leveraging our Cyber Assured services for 3rd party certification to existing state-of-the-art Standards.
Intertek offers the complete range of evaluation, certification and assurance services to launch successful connected products. Contact us to learn more.
Knowledge Center
- Cybersecurity Awareness Training Fact Sheet
- Common Criteria Certification Process Fact Sheet
- FIPS 140-3 Process and Service Offerings Fact Sheet
- 5G Technology Assurance Solution Fact Sheet
- Cyber Security Risk in a Mass Remote Working Environment Webinar
- Intertek Cyber Assured Fact Sheet
- Consumer Product Focused Cyber Security Test and Certification Program
- PCI PIN Transaction Security (PTS) Cyber Security Fact Sheet
- Cyber Security Assurance Overview
- ANSI/UL 2900 Cyber Security Assessments Fact Sheet
- Software Assurance Overview
- Network Certification Guides
- Guide to PTCRB Certification
- Guide to Verizon ODI Process
Upcoming Events
Cybersecurity Assurance Overview
Intertek provides tailor-made security solutions designed and executed based upon risk factors commonly associated with your specific product and industry.