Starting August 1, 2025, the European Union’s Radio Equipment Directive (RED 2014/53/EU) introduces mandatory cybersecurity requirements for all wireless products entering the EU market.
Manufacturers must now provide complete technical documentation, testing reports, and compliance declarations covering not only RF, EMC, and safety, but also cybersecurity (EN 18031 series).
Below is a comprehensive summary of the core documentation, new cybersecurity rules, and certificate validity conditions to help you ensure a smooth and compliant CE-RED certification process.
| Document Category | Core Content & Explanation | Special Reminders |
|---|---|---|
| Product Technical Documentation | • User Manual (English + relevant EU languages): Must display CE mark, declaration of conformity, safety notes, and wireless operation instructions. • Circuit & Block Diagrams: PCB layout, schematic diagrams, and Bill of Materials (BOM). • Wireless Technical Specification File: Includes detailed frequency, transmit power, and modulation descriptions. | Technical documentation is the core review focus — all data must be consistent and accurate. |
| Testing Samples & Reports | • Test Samples: Typically 1 normal sample + 1 fixed-frequency RF sample (continuous Tx/Rx). • Complete Test Reports: Cover RF, EMC, Electrical Safety (LVD), SAR, and Cybersecurity. | Fixed-frequency samples require special firmware or software configuration. |
| Compliance & Administrative Documents | • Declaration of Conformity (DoC): Signed by manufacturer. • Certification Application Form: Must include accurate product and manufacturer details. • Product Label & Label Design Drawing: Must reserve CE mark space, printed clearly and permanently. • EU Authorized Representative (EAR): Required for non-EU manufacturers. | Ensure CE mark height ≥ 5 mm, legible and indelible. |
The EN 18031 series standards are now harmonized under the CE-RED directive, focusing on cybersecurity, privacy, and fraud prevention.
All wireless products must pass cybersecurity testing to enter the EU market.
Devices must:
- Not harm networks or misuse network resources (RED Article 3.3(d))
- Protect users’ personal data and privacy (RED Article 3.3(e))
- Prevent fraud or unauthorized transactions (RED Article 3.3(f))

Penetration Testing: Simulates hacker intrusion and tests DDoS resilience.
Firmware Security Audits: Detect vulnerabilities and encryption weaknesses, and check update integrity.
Data Privacy Evaluation: Checks secure data storage, parental access, and authentication.
| Device Type | Key Requirements |
|---|---|
| Routers / Smart Gateways | Disable default passwords, enable secure update mechanisms. |
| Children’s / Wearable Devices | Require AES-256 encryption, location data protection, and parental controls. |
| Payment Terminals / Smart POS | Require transaction data validation, anti-tampering design, and multi-factor authentication. |
The process generally includes three main phases before entering post-market monitoring.
1. Preparation: Identify applicable standards and prepare all documentation.
2. Laboratory Testing: Submit product samples for testing under RF, EMC, LVD, SAR, and cybersecurity requirements.
3. Certification Review & Issuance: After passing all tests, the laboratory or Notified Body reviews the files and issues the CE-RED certificate.

Failed cybersecurity or EMC tests require rectification and retesting, which can extend the timeline by several weeks.
| Condition | Duration |
|---|---|
| Standard testing process | 4–8 weeks |
| Expedited service | 2–3 weeks (+30–50 % cost) |
| Additional cybersecurity retesting | +2–3 months (if required) |
CE-RED certificates have no fixed expiry date, but remain valid only under ongoing compliance.
The certificate becomes invalid when:
- EU harmonized standards are updated (typically every 5 years).
- Product design, hardware, or wireless parameters change.
- The product fails to comply with new mandatory regulations (e.g., EN 18031 cybersecurity rules).

Manufacturers must retain complete technical documentation and the DoC for at least 10 years for EU market surveillance purposes.
Use wireless modules already certified for CE-RED.
This reduces testing complexity, time, and cost for final product certification.
- Ensure permanent CE mark ≥ 5 mm height.
- Maintain consistency across all technical and administrative files.
- Keep all firmware versions aligned with tested versions.
- Avoid using expired or outdated test reports when reapplying.

Non-compliant or falsely marked products may face:
- Sales bans or customs seizure
- Market recalls or destruction
- Fines up to 4 % of global annual turnover

Blue Asia Technology (Shenzhen) is an ISO/IEC 17025-accredited testing laboratory specializing in wireless, EMC, and cybersecurity certification for global markets.
Our services include:
- CE-RED full-scope testing (RF, EMC, LVD, SAR, EN 18031 cybersecurity)
- FCC / UKCA / KC / RCM / SRRC / MIC multi-market approvals
- Bluetooth SIG BQB, Wi-Fi Alliance, and USB-IF certification
- Pre-testing & document preparation to prevent rework delays
1️⃣ What documents are required for CE-RED certification?
→ User manual, circuit diagrams, wireless specs, DoC, test reports, and product labeling files.
2️⃣ What changed in 2025?
→ The EN 18031 cybersecurity standards became mandatory from August 1, 2025.
3️⃣ How long does certification take?
→ Normally 4–8 weeks; expedited service 2–3 weeks.
4️⃣ Does the CE-RED certificate expire?
→ No fixed expiration, but it becomes invalid if standards update or the product changes.
5️⃣ How long must documentation be kept?
→ At least 10 years for EU market inspection.
6️⃣ What happens if a product fails cybersecurity testing?
→ It must be corrected and retested before approval.