Your strategic partner in testing and certification

Complete our quick form

GET A QUOTE

Ensure Your Radio Equipment Meets the New RED Cybersecurity Standards

From August 2025, all radio devices sold in the EU must comply with the latest cybersecurity requirements of the Radio Equipment Directive (RED):

  • Article 3.3(d): Network Security
  • Article 3.3(e): Protection of Personal Data & Privacy
  • Article 3.3(f): Protection from Fraud

What Does This Mean for Manufacturers and How To Achieve Compliance?

On January 28, 2025, the European Commission harmonised the EN 18031 standards for the Radio Equipment Directive (RED) cybersecurity articles (3.3(d), 3.3(e), and 3.3(f)), introducing specific restrictions. The harmonisation with restrictions opened two different compliance routes for manufacturers.

Self-Assessment Route

Manufacturers may demonstrate compliance through self-assessment if they fully implement EN 18031 series in their product design and cybersecurity measures, or if the restrictions specified in the Commission’s decision do not apply to their product. Even if self-assessment is an option, relying on expert evaluation can significantly reduce the risk of compliance issues, ensuring your product’s market access and protecting your brand from costly setbacks.

Notified Body Assessment

If your product does not meet the criteria for self-assessment, then you must undergo a conformity assessment by a Notified Body (NB).

Is Your Product Affected by the RED Articles 3.3(d), (e), and (f)?

Use our infographic or contact us to determine if your product falls under the new RED cybersecurity requirements.

infographic of red cybersecurity compliance service

Our RED Cybersecurity Compliance Services

1. Gap Analysis

  • Comprehensive review of your product’s specifications and documentation
  • Identification of applicable RED cybersecurity requirements
  • Analysis of evidence and detection of compliance gaps
  • Close gaps before formal evaluation

2. Cybersecurity Compliance Assessment

  • Official evaluation against EN 18031 standard
  • Detailed compliance report for one, two, or all three RED articles
  • Guidance on implementing necessary cybersecurity measures

3. Notified Body Services

  • Applus+ Laboratories is a Notified Body (NB 0370) for the RED Directive, including cybersecurity
  • One point of contact for all testing and certification needs
  • Obtain a single EU Type Approval Certificate covering all RED requirements
  • Independent assurance for your clients and stakeholders

Why Choose Applus+ Laboratories for Our RED Cybersecurity Compliance Services?

Choosing the right partner for your Radio Equipment Directive (RED) cybersecurity compliance is crucial. Applus+ Laboratories offers:

  • Expertise: Decades of experience in radio equipment and cybersecurity certification
  • Global Reach: Cybersecurity offices in Spain, US, Canada, China, and South Korea
  • Comprehensive Support: From initial gap analysis to final certification
  • Peace of Mind: Reduce compliance risks and avoid costly setbacks

Contact us today to request your RED Cybersecurity Evidence Checklist and start your compliance journey with confidence.

/Laboratories/GLOBAL/Category-Services/1.TESTING-SERVICES/cybersecurity-evaluations/by-standards-schemes/red-equipment-directive-red-cybersecurity-compliance-services

GET A QUOTE

FAQ Title

The RED now includes Articles 3.3(d) (network security), 3.3(e) (protection of personal data and privacy), and 3.3(f) (protection from fraud), which mandate cybersecurity measures for radio equipment.

From 1 August 2025, all radio devices sold in the EU must comply.

Any radio equipment that:

  • Connects to the internet
  • Processes personal, location, or traffic data
  • Enables financial transactions
  • Includes IoT devices, wearables, connected toys, and childcare products

EN 18031 is the harmonised European standard for cybersecurity testing and certification to comply with the RED cybersecurity articles 3.3(d), 3.3(e) and 3.3(f).

Self‑assessment is possible if you fully implement EN 18031 or if regulatory restrictions do not apply to you. Otherwise, a Notified Body assessment is required.

Non‑compliant products cannot be placed on the EU market and may be subject to withdrawal, fines, or other penalties.

We provide gap analysis, official EN 18031 evaluations, and Notified Body certification services to ensure your products meet all RED cybersecurity requirements.

Contact us for our comprehensive RED Cybersecurity Evidence Checklist.

Contact our experts for personalised support.

RELATED SERVICES TO Radio Equipment Directive (RED) Cybersecurity Compliance Services – EN 18031 & Notified Body Certification

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

Cookie settings panel