The new regulations for the EU Radio Equipment Directive (CE-RED) represent a significant update to EU market access in 2025, with the core change being mandatory cybersecurity requirements. Below, I outline the key information of these new regulations, particularly the cybersecurity clauses effective from August 1, 2025.
The most critical aspect of this RED directive update is the introduction of Articles 3.3(d), (e), and (f) concerning cybersecurity and the clarification of their corresponding harmonized standards, the EN 18031 series. This means wireless devices can no longer enter the EU market by passing only traditional RF, safety, and EMC tests; they must meet the new cybersecurity norms.
The table below clearly lists these three key articles and their corresponding standards:
RED Directive Article Core Requirement Corresponding Harmonized Standard
Article 3.3(d) Requires equipment does not harm the network or its functioning nor misuse network resources (e.g., prevent DDoS attacks). EN 18031-1 (For radio equipment with internet connectivity capability)
Article 3.3(e) Requires equipment incorporates safeguards to ensure personal data and privacy of users are protected. EN 18031-2 (For equipment processing personal data, e.g., connected devices, child care devices, toys, wearables)
Article 3.3(f) Requires equipment supports certain features to ensure fraud prevention (primarily for financial transaction-related devices). EN 18031-3 (For connected equipment handling virtual currency or monetary value)
CE-RED Certification Scope and Key Limitations:
1.Applicable Product Scope: The new regulations cover almost all devices with wireless communication functions. Specifically:
·EN 18031-1: Applies to all radio equipment with network connectivity functions, such as phones, tablets, Wi-Fi routers, smart home appliances.
·EN 18031-2: Applies to devices processing personal data, e.g., Bluetooth headsets, smartwatches, baby monitors, smart sensors.
·EN 18031-3: Applies to devices handling virtual currency or monetary value, e.g., POS terminals, ATMs.
2.Important Limitations and Exemptions:
·Limitations for Some Standard Applications:** Crucially, if a product does not fully conform to certain specific clauses of the standard, the manufacturer cannot self-declare and must undergo certification via an EU Notified Body (NB). Key limitations include:
Password Setting:Devices must require user-set passwords, disallowing no password or empty passwords.
Parental Controls:Childcare devices and toy radio equipment must have parental/guardian access control mechanisms.
Financial Device Security Updates:For devices handling financial assets, using only a single method (e.g., digital signature only) for secure updates is insufficient.
·Specific Domain Exemptions:Radio equipment covered by specific regulations like medical devices, civil aviation safety, and vehicle type-approval are exempt from Articles 3.3(e) and (f) requirements.
Impact on Companies and Compliance Recommendations:
1.Determine Compliance Path:
·First, identify which category of the EN 18031 series your product falls under.
·Carefully evaluate if the product design meets the key limitations mentioned (e.g., mandatory passwords, parental controls). If met, you can choose the Self-declaration conformity assessment path; otherwise, you must seek certification from an EU Notified Body (NB).
2.Optimize Certification Strategy:
·Use Certified Modules: Prioritize using core communication modules (e.g., Wi-Fi, Bluetooth) already certified for RED (including EN 18031) in product design. This can significantly simplify the final product certification process and reduce costs.
·Conduct Early Gap Analysis:Immediately perform a gap analysis against the EN 18031 standards on existing products or design samples to identify and fix potential security vulnerabilities, e.g., check firmware security mechanisms, data encryption measures.
3.Avoid Potential Risks:
·Market Ban and High Fines:Starting August 1, 2025, non-compliant products will be banned from sale in the EU market. Violations can lead to product recalls, removal from the market, and potential fines up to 4% of the company's global annual turnover.
·Supply Chain Responsibility:Importers and distributors are also responsible for verifying product compliance. Failure to do so may result in shared liability and costs with the manufacturer.
We hope this overview of the EU CE-RED new regulations helps you better understand and respond to these changes. If you can share your specific product type, BLUEASIA Tech: 13632500972 will provide professional certification consulting services!
相关新闻
