RED Directive: The Cybersecurity Compliance Countdown – Part 8

01 Jul 2025

Final Countdown: A 30-Day Compliance Checklist

With just one month remaining until RED enforcement, manufacturers must focus on finalizing compliance efforts. The last 30 days are crucial for tying up loose ends, ensuring documentation is complete, and addressing any lingering security concerns. A single missing document or failed test could result in costly delays.

Essential Last-Minute Checks

1. Final Testing & Certification
   Ensure that conformity assessment, including functional security testing is complete. If your product hasn’t been independently tested, now is high time to engage an IoT cyber test lab or notified body like Intertek.
2. Technical File Submission
   Self-declaration or notified bodies require a complete technical file, including risk assessments, test reports, and compliance declarations. Common reasons for certification rejection by a notified body are missing third party test reports or even unsigned compliance statements – double-check signatures and required approvals.
3. Customer Support & Compliance Training
   Your compliance responsibilities don’t end with certification. Train customer support teams on security update processes and best practices for guiding end users on cybersecurity features and configuration.

Avoiding Last-Minute Pitfalls

• Incomplete risk assessments: Ensure all threats, including supply chain vulnerabilities, are addressed.
• Outdated test results: If your testing was conducted over six months ago, consider retesting key security features.
• Lack of internal coordination: Compliance teams, engineers, and product managers should have a final review meeting to confirm all requirements are met.

Final Thought

The last 30 days before RED enforcement can make or break a product launch or stop sales of existing products still produced and put on the EU market. A structured compliance review ensures smooth certification and regulatory approval.