Radio Equipment Directive – Cybersecurity (EU RED) Compliance

Cybersecurity & Data Protection Laws

Radio Equipment Directive 2014/53/EU — Delegated Regulation (EU) 2022/30 (Articles 3.3(d), (e), (f))

Every Wireless Product on the EU Market Now Requires Cybersecurity Conformity. Can You Prove It?

RED cybersecurity compliance has been mandatory since August 1, 2025. Every internet-connected radio device placed on the EU market must meet EN 18031 standards for network protection, data privacy, and fraud prevention—or lose CE marking eligibility. Non-compliant products cannot legally be sold. Certivo automates RED cybersecurity evidence collection from supplier security attestations to audit-ready conformity documentation.

  • 3: Essential cybersecurity requirements now mandatory (Articles 3.3(d), (e), (f))

  • Aug 1, 2025: Enforcement date, already in effect

  • Dec 11, 2027: CRA transition date, when RED cybersecurity is repealed and CRA takes over

Regulation Overview

  • Jurisdiction: European Union / European Economic Area

  • Regulatory Body: European Commission / National Market Surveillance Authorities

  • Regulation Number: Directive 2014/53/EU; Delegated Regulation (EU) 2022/30; Implementing Decision (EU) 2025/138

  • Effective Date: Mandatory from August 1, 2025 (repealed December 11, 2027, when CRA takes over)

  • Key Threshold: All internet-connected radio equipment placed on the EU market

What is RED Cybersecurity?

The Radio Equipment Directive is the EU's market access framework for radio equipment. Delegated Regulation (EU) 2022/30 activated three cybersecurity essential requirements—Articles 3.3(d), (e), and (f)—making network protection, personal data privacy, and fraud prevention mandatory for internet-connected radio devices.

Since August 1, 2025, all wireless products placed on the EU market must demonstrate cybersecurity conformity against harmonised standards EN 18031-1, EN 18031-2, and EN 18031-3. Products that fail to comply cannot carry CE marking and are blocked from the EU market. The requirements apply to any radio equipment that communicates over the internet directly or through another device.

RED cybersecurity compliance requires component-level security attestations from suppliers—covering authentication mechanisms, default credential policies, encryption, secure update processes, and vulnerability handling. When restricted clauses in EN 18031 are triggered, Notified Body involvement becomes mandatory.

Key Components / Sub-Frameworks

  • Article 3.3(d), Network protection. Obligation: Radio equipment must not harm networks or misuse resources, causing degradation of service

  • Article 3.3(e), Privacy and data protection. Obligation: Radio equipment must incorporate safeguards for personal data, traffic data, and location data

  • Article 3.3(f), Fraud prevention. Obligation: Radio equipment enabling monetary or virtual currency transfers must prevent fraud

  • EN 18031-1:2024, Harmonised standard for network security. Obligation: Maps to Article 3.3(d); grants presumption of conformity (with restrictions)

  • EN 18031-2:2024, Harmonised standard for data privacy. Obligation: Maps to Article 3.3(e); covers childcare devices, wearables, toys processing personal data

  • EN 18031-3:2024, Harmonised standard for financial security. Obligation: Maps to Article 3.3(f); covers payment-enabled radio equipment

RED Cybersecurity Is Now Mandatory, and CRA Transition Planning Must Start Immediately

RED cybersecurity requirements have been enforceable since August 1, 2025. Products placed on the EU market without EN 18031 conformity risk market withdrawal. Simultaneously, the Cyber Resilience Act repeals RED cybersecurity on December 11, 2027—manufacturers must plan for both frameworks now.

Key Compliance Requirements

Who Must Comply

  • Manufacturers of internet-connected radio equipment placed on the EU market

  • Importers placing radio equipment with digital connectivity on the EU market

  • Distributors making in-scope radio equipment available in the EU

  • Non-EU companies selling through EU importers or authorized representatives

  • Companies integrating radio modules into finished products (end-product responsibility)

  • OEMs using third-party wireless modules in consumer or industrial devices

Key Thresholds

  • Internet connectivity: Any radio equipment communicating over the internet directly or via another device

  • Personal data processing: Equipment processing personal, traffic, or location data triggers Article 3.3(e)

  • Financial transactions: Equipment enabling money or virtual currency transfers triggers Article 3.3(f)

  • Restricted clauses: Triggering EN 18031 restrictions (e.g., allowing password-free operation) requires Notified Body assessment

Core Obligations

1. Cybersecurity Conformity
   Meet essential requirements of Articles 3.3(d), (e), and/or (f) per product scope
   Deadline: Mandatory since August 1, 2025

2. CE Marking
   Affix CE marking only after successful conformity assessment against EN 18031
   Deadline: Required for EU market placement

3. Technical Documentation
   Maintain technical file demonstrating conformity with applicable EN 18031 clauses
   Deadline: Available for market surveillance on request

4. Declaration of Conformity
   Issue EU Declaration of Conformity covering cybersecurity essential requirements
   Deadline: At time of market placement

5. CRA Transition
   Prepare for full CRA application replacing RED cybersecurity provisions
   Deadline: December 11, 2027

RED Cybersecurity-Specific Pain Points

The EN 18031 Restricted Clause Trap

You follow EN 18031 for self-assessment—but your product allows users to skip password setup. That single design choice triggers a restricted clause, voids your presumption of conformity, and forces Notified Body involvement. Without systematic tracking of restricted clause applicability across your product portfolio, you discover the gap during market surveillance—not during design.

The Dual-Framework Countdown

RED cybersecurity is mandatory now. CRA replaces it on December 11, 2027. Your product roadmap spans both timelines. Products placed on the market before December 2027 remain under RED surveillance. Products placed after must meet CRA requirements. Without a unified compliance evidence management system, you're maintaining two parallel conformity programs.

The Component Responsibility Gap

EN 18031 certification applies to the finished product, not individual modules. Your supplier's pre-certified Wi-Fi module supports RED compliance—but doesn't replace it. The end-product manufacturer bears full responsibility. If your supplier's security attestation doesn't cover restricted clauses, your conformity assessment fails.

The Supply Chain Attestation Black Hole

You need security attestations from every supplier providing radio modules, firmware, or connected components. Supplier 1 provides a generic cybersecurity statement. Supplier 2 has no EN 18031 mapping. Supplier 3 references ETSI EN 303 645 instead of EN 18031. None of the evidence maps cleanly to your Declaration of Conformity.

Certivo in Action: RED Cybersecurity Workflow

GET EVIDENCE IN

Collect Cybersecurity Attestations and Security Documentation from Every Supplier—Without the Chasing

CORA launches targeted campaigns to collect supplier security attestations, EN 18031 test reports, vulnerability disclosures, and firmware update commitments. Automated follow-up in suppliers' native languages.

  • Launch RED cybersecurity campaigns to hundreds of component suppliers with one click

  • CORA-powered outreach requesting EN 18031 compliance evidence, test reports, and security attestations

  • Accept any format: test lab reports, PDF attestations, EN 18031 checklists, freeform responses

  • Track response rates and escalate non-responders automatically

MAKE SENSE OF IT

Know Instantly Which Products Meet EN 18031 Requirements—and Where Restricted Clauses Apply

CORA parses supplier security documentation, validates against EN 18031 requirements, and flags restricted clause exposure and conformity gaps automatically.

  • CORA extracts security properties, authentication mechanisms, update capabilities, and encryption details

  • Automatic validation against Articles 3.3(d), (e), and (f) requirements

  • Restricted clause detection identifying where Notified Body involvement is required

  • Product-level conformity status with gap analysis per applicable EN 18031 standard

PROVE COMPLIANCE OUT

Generate Technical Files and Declarations of Conformity in Hours, Not Weeks

Produce audit-ready technical documentation, EU Declarations of Conformity, and customer-facing RED cybersecurity evidence instantly from validated supplier data.

  • One-click technical file packages covering Articles 3.3(d), (e), (f) conformity

  • Pre-structured Declaration of Conformity templates aligned with RED requirements

  • Customer-specific RED cybersecurity compliance packages with full traceability

  • Complete audit trail for every supplier attestation, validation, and conformity decision

One Supplier Submission. Validation Against All Three RED Cybersecurity Requirements. Conformity-Ready in Hours.

Certivo collects supplier security attestations and test reports, extracts component-level cybersecurity data, validates against EN 18031 requirements and restricted clauses, and generates conformity documentation automatically. When restricted clauses are triggered, Certivo flags the Notified Body pathway—before market surveillance finds the gap.

  • EN 18031 Validation

  • Restricted Clause Detection

  • Conformity Documentation

  • CRA Transition Mapping

  • Continuous Audit Readiness

Features Tabs

Attestation Collection

Certivo's automated campaigns achieve 95% response rates vs. 20-30% with manual outreach.

  • Targeted campaigns by product line, radio module type, or supplier tier

  • Multi-language outreach in suppliers' native languages

  • Intelligent follow-up sequences adapting to supplier behavior

  • Format-agnostic: EN 18031 reports, lab certificates, PDF attestations, freeform responses

95% Supplier Response Rate

Security Evidence Extraction

Every supplier attestation parsed to requirement level automatically—no manual data entry.

  • Deep extraction of authentication mechanisms, encryption details, update capabilities, credential policies

  • Parses EN 18031 test reports, ETSI EN 303 645 outputs, and proprietary security assessments

  • Multi-language document processing for global supply chain coverage

  • Anomaly detection for incomplete, outdated, or non-conforming attestations

99.2% Extraction Accuracy

Restricted Clause Monitoring

Always validated against current harmonised standards and Commission guidance—not your last review.

  • Automatic detection of restricted clause triggers across product portfolios

  • Conformity pathway routing: self-assessment vs. Notified Body involvement

  • Proactive alerts when product design changes affect EN 18031 presumption of conformity

  • CRA transition tracking as RED cybersecurity provisions phase toward repeal

Real-Time EN 18031 Compliance Sync

Conformity Documentation

Generate RED cybersecurity technical files in hours instead of 6-8 weeks.

  • One-click technical file assembly mapping supplier evidence to Articles 3.3(d), (e), (f)

  • EU Declaration of Conformity templates pre-populated with cybersecurity essential requirements

  • Supplier evidence chain with complete traceability per component and module

  • Gap analysis reports identifying missing evidence before market surveillance review

4 hours to Audit-Ready Technical File

CRA Transition Support

Pre-validated RED evidence packages map forward to CRA essential requirements—no rework.

  • RED-to-CRA requirement mapping for products spanning both enforcement periods

  • Parallel conformity tracking for products on market before and after December 2027

  • CRA essential requirement gap analysis built from existing RED cybersecurity evidence

  • Regulatory intelligence alerts as CRA harmonised standards are published

Continuous Dual-Framework Assurance

Related Regulations

  • EU Cyber Resilience Act (CRA): CRA replaces RED cybersecurity on December 11, 2027; broader lifecycle requirements. Combined value: Unified compliance evidence bridges RED-to-CRA transition without rework

  • CE Marking (EU): RED cybersecurity conformity is prerequisite for CE marking of radio equipment. Combined value: Cybersecurity evidence feeds directly into CE marking documentation packages

  • ETSI EN 303 645: Consumer IoT cybersecurity standard; informative for RED but not harmonised. Combined value: Maps EN 303 645 evidence to EN 18031 requirements for conformity reuse

  • UK PSTI Act: UK product security regime for consumer connectable products. Combined value: Multi-jurisdiction validation from one supplier submission

  • GDPR: RED Article 3.3(e) protects personal data; GDPR governs data processing obligations. Combined value: Combined privacy compliance documentation for connected products

  • NIS2 Directive: NIS2 addresses organizational security; RED addresses product security. Combined value: Unified supply chain security evidence for both product and entity requirements

Managing RED cybersecurity alongside related frameworks eliminates duplicate supplier requests. Certivo validates one submission against multiple cybersecurity and product compliance frameworks.

Return on Investment

80% Reduction in Compliance Labor
From Manual Evidence Assembly to Automated Conformity Documentation

CORA collects, parses, and validates supplier cybersecurity attestations automatically. Your team focuses on restricted clause decisions and conformity pathway routing—not chasing security PDFs from module suppliers.

4 hours To Technical File
Conformity Documentation Acceleration

Generate complete, audit-ready RED cybersecurity technical files in hours—not the weeks of manual compilation across suppliers, test labs, and engineering teams.

Real-Time Proactive Restricted Clause Detection
Continuous RED Compliance Monitoring

When product designs or supplier attestations trigger EN 18031 restricted clauses, Certivo flags the Notified Body pathway instantly. Know your conformity route before market surveillance does.

Key Statistics

  • 3: RED cybersecurity essential requirements validated per product

  • 99.2%: Supplier attestation extraction accuracy

  • 95%: Supplier response rate with CORA-powered campaigns

Frequently Asked Questions

What products are in scope for RED cybersecurity requirements?

Any radio equipment that communicates over the internet—directly or via another device—is in scope for Article 3.3(d). Equipment processing personal, traffic, or location data must also meet Article 3.3(e). Devices enabling monetary or virtual currency transfers must meet Article 3.3(f). This includes smartphones, IoT devices, smart home products, wearables, baby monitors, routers, industrial sensors, and connected toys. Certivo helps manufacturers classify their product portfolios and identify applicable EN 18031 standards.

What are the penalties for RED cybersecurity non-compliance?

Penalties are set by each EU member state and must be effective, proportionate, and dissuasive. Market surveillance authorities can remove non-compliant products from sale, order recalls, or block products at EU borders. Products without valid CE marking covering cybersecurity requirements cannot legally be placed on the EU market. Where security flaws lead to data breaches, related GDPR penalties of up to €20 million or 4% of global turnover may also apply.

How does RED cybersecurity conformity assessment work?

Manufacturers can self-assess against harmonised standards EN 18031-1, -2, and -3 if no restricted clauses are triggered. If restricted clauses apply—such as allowing users to skip password setup—a Notified Body assessment is mandatory. Products not following harmonised standards in full also require Notified Body involvement. CORA automatically detects restricted clause triggers across your portfolio and routes each product to the correct conformity pathway.

How does Certivo handle the RED-to-CRA transition?

RED cybersecurity provisions are repealed on December 11, 2027, when the Cyber Resilience Act takes full effect. Products placed on the market between August 2025 and December 2027 remain under RED surveillance. Certivo maintains parallel conformity tracking for both frameworks, maps existing RED evidence to CRA essential requirements, and identifies gaps requiring additional supplier evidence—so your transition is seamless, not a second compliance project.

How does RED cybersecurity relate to other EU product compliance frameworks?

RED cybersecurity is one layer of CE marking for radio equipment alongside safety, EMC, and radio spectrum requirements. It overlaps with the Cyber Resilience Act (which replaces it in 2027), intersects with GDPR for personal data protection, and relates to ETSI EN 303 645 for consumer IoT. Certivo validates supplier evidence across all applicable frameworks from a single submission, eliminating duplicate collection campaigns.

Ready to Automate RED Cybersecurity Compliance?

See how Certivo's product compliance platform transforms RED cybersecurity evidence management from reactive documentation to continuous conformity assurance—with built-in CRA transition readiness.

Every account includes a dedicated compliance expert alongside CORA.