Ein großer Antennenmast, der die Welt mit digitalen Signalen vernetzt

Radio Equipment Directive

The Radio Equipment Directive (RED) is an EU directive that defines the requirements for radio equipment. Radio equipment is defined as a product that emits and/or receives radio waves for the purpose of radio communication and/or radiolocation, even if it requires accessories (such as an antenna). Delegated Regulation (EU) 2022/30 supplements this directive with rules on the application of the three cybersecurity requirements for different classes of radio equipment, such as devices connected to the internet.

The goal is to ensure that radio devices are secure, compatible and interoperable – especially with regard to the protection of users and networks.

What supplier need to know now

The Delegated Regulation (EU) 2022/30 on the Radio Equipment Directive (RED) has been active since August 1, 2025. All radio equipment, from IoT devices, wearables and smart toys to machines with integrated radio modules, must now comply with the new requirements. This means

  • Binding cybersecurity for all affected devices

  • Legal & market security through application of harmonized standards EN 18031-1/2/3

  • High risks of non-compliance – from fines to product recalls

To meet these requirements, the focus is on three core obligations:

  • Network protection to prevent devices from causing disruption or misusing resources
  • Protection of personal data and privacy through secure access and data processing
  • Prevention of fraud, especially with devices that process payments or virtual currencies.

By implementing these points, suppliers create the basis for legally compliant CE marking and ensure the competitiveness of their products on the European market.

Security requirements of the Radio Equipment Directive

Article 3(3)(d)

They do not have a harmful effect on the network or its operation, nor do they cause misuse of network resources, which would cause an unacceptable impairment of the service.

Applies to all radio equipment that can communicate itself via the Internet, regardless of whether it communicates directly or via other devices (“Internet-connected radio equipment”)

Harmonized standard
EN-18031-1: Common security requirements for radio equipment – Part 1: Internet connected radio equipment

Article 3(3)(d)

Radio equipment shall incorporate safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected

Applies to the following radio equipment, provided that such radio equipment as defined in Article 4(2) of Regulation (EU) 2016/679
can process personal data as defined in Article 4(1) of Regulation (EU) 2016/679 or traffic data and
location data as defined in Article 2(b) and (c) of Directive 2002/58/EC:

  1. internet-connected radio equipment, other than the equipment referred to in points (b), (c) or (d);
  2. radio equipment designed or intended exclusively for childcare;
  3. radio equipment covered by Directive 2009/48/EC; (safety of toys)
  4. radio equipment designed or intended to be worn […] by human beings
    1. designed or intended to be worn, strapped to or hung from parts of the human body or clothing
    2. or on clothing worn by humans, including headgear, gloves and shoes

Harmonized standard
EN-18031-2: Common security requirements for radio equipment – Part 2: radio equipment processing data, namely Internet
connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

Article 3(3)(f)

They support certain functions to protect against fraud.

Applies to all radio equipment connected to the internet if it enables the owner or user to transfer money, monetary value or virtual currencies within the meaning of Article 2(d) of Directive (EU) 2019/713.

Harmonized standard
EN-18031-3: Common security requirements for radio equipment – Part 3: Internet connected radio equipment processing
virtual money or monetary value

How we support you in implementing the Radio Equipment Directive

Provision of guidelines and interpretations on normative and regulatory requirements
Creation of documents and provision of established templates for them!
Regular check-ins at which Limes Security is available as an external sparring partner to discuss plans, implementations and open questions. This ensures that your project makes steady progress.
Support in the creation of concrete security concepts for products.
Review of internally created documents and subsequent optimization proposals if necessary.
Joint implementation of security processes
for learning on the job, e.g:

  • Implementation of a workshop on threat modeling
  • Carrying out security assesments for your product

Defending what matters

The next cyberattack is coming! Are you prepared for this?

Let's talk!