Since August 1, 2025, manufacturers of wireless devices seeking access to the EU market have faced a new reality: cybersecurity has become a mandatory access requirement on par with RF safety and electrical safety. This stems from key revisions to the EU's Radio Equipment Directive (RED). Below are the latest core dynamics and in-depth analysis.
The core of this update is the transition of Article 3.3 (d, e, f) of the RED Directive from "preparatory requirements" to mandatory enforcement. This means your wireless product must prove its ability to protect networks, user privacy, and financial transaction security—on equal footing with traditional EMC (Electromagnetic Compatibility) testing, RF (Radio Frequency) testing, and safety testing.
Specifically, these three articles directly correspond to a set of harmonized standards called EN 18031, providing manufacturers with a clear compliance path:
1.Network Protection: Your device must not endanger networks or abuse network resources (e.g., becoming a botnet for DDoS attacks). This is evaluated against EN 18031-1.
2.Privacy Protection: Devices processing personal data (e.g., smart watches, baby monitors) must have built-in protective measures such as end-to-end encryption and access control. This corresponds to EN 18031-2.
3.Financial Fraud Prevention: Devices involving electronic payments (e.g., mobile payment terminals) require enhanced transaction verification to prevent fraud. This corresponds to EN 18031-3.
A key detail: Annex D of the EN 18031 standards introduces mapping to the SESIP security framework. This means if your product's core modules (e.g., Wi-Fi/Bluetooth chips) have obtained SESIP certification, the complete machine manufacturer can reference this evidence—significantly simplifying the compliance process and saving time and costs.
II. Latest Regulatory Dynamics of CE RED Directive Certification
Beyond the already enforced cybersecurity requirements, the EU's regulatory landscape is undergoing more far-reaching changes that directly impact the future of RED:
1.Planned Transfer of Cybersecurity Regulatory Authority: In December 2025, the European Commission launched a public consultation on plans to formally repeal the current RED Cybersecurity Delegated Regulation (EU 2022/30) once the Cybersecurity Resilience Act (CRA) becomes fully applicable on December 11, 2027. This means starting from the end of 2027, cybersecurity requirements for wireless devices will no longer be governed by the RED Directive but will be unified under the broader-scoped CRA. Manufacturers need to prepare for a smooth transition between regulatory frameworks.
2.Continuous Updates to Technical Standards: The "harmonized standards" underlying the RED Directive are dynamically updated. For example, in December 2025, the European Commission just revised harmonized standards for short-range devices, Ultra-Wideband (UWB), and airborne communication systems. Old standards (e.g., EN 302 729 V2.1.1) will become invalid on June 11, 2027, replaced by new standards (e.g., EN 302 729-1 V3.1.1). Keeping up with these standard updates is key to ensuring long-term certification validity.
3.Relevant Eco-Design Regulations: While not directly part of the RED Directive, closely related to wireless devices is the new External Power Supplies Regulation (EU 2025/2052). This regulation not only mandates USB-C as the universal charging interface but also extends oversight to wireless chargers and USB-C data cables, setting stricter energy efficiency and labeling requirements. Most provisions will be mandatorily enforced by the end of 2028. Together with RED's universal charger requirements, this forms a hard constraint on product design.
In summary, the latest connotation of CE RED Certification in 2025-2026 is: While meeting traditional technical requirements, cybersecurity must be integrated as an intrinsic product attribute ("Security by Design"), with close attention to the future trend of regulatory framework transition from RED to CRA.
If you can share the specific type of wireless product you are focusing on (e.g., smart home devices, wearables, or industrial IoT modules), I can analyze the more specific compliance priorities for you.
BLUEASIA Technology: +86 13534225140 provides professional certification consulting services.
Related News
