Radio Equipment Directive – Cybersecurity Requirements
Cybersecurity is a critical aspect of the Radio Equipment Directive (RED), and as such, there are specific cybersecurity requirements that must be met by manufacturers of radio equipment. Article 3 (3) of the Radio Equipment Directive specifies cybersecurity requirements for radio equipment sold within the EU. The three essential requirements are:
- 3(3)(d), to ensure network protection;
- 3(3)(e), to ensure safeguards for the protection of personal data and privacy;
- 3(3)(f), to ensure protection from fraud.
The importance of cybersecurity requirements for the Radio Equipment Directive (RED) cannot be overstated, as they play a crucial role in ensuring the safety, security, and privacy of users of radio equipment within the European Union (EU). Here are some of the reasons why cybersecurity requirements are essential for the RED:
- Protection against cyber threats: Radio equipment is vulnerable to cyber threats, such as hacking, malware, and other cyberattacks. Having cybersecurity requirements for the RED help to ensure that radio equipment is designed and manufactured in such a way that it can resist cyber threats, and protect the confidentiality, integrity, and availability of data transmitted and received by the equipment.
- Compliance with regulations: Compliance with cybersecurity requirements is mandatory for manufacturers of radio equipment before placing their products on the market or putting them into service. Failure to comply with these requirements can result in severe penalties and damage to a company's reputation.
- Ensuring interoperability: Cybersecurity requirements for the RED help to ensure that radio equipment is designed and manufactured in such a way that it is interoperable with other devices and systems. This ensures that radio equipment can work seamlessly with other devices and systems, without compromising the security and privacy of users.
- Protecting personal data: Radio equipment may transmit and receive personal data, and as such, it is essential to ensure that this data is protected against unauthorized access and theft.
New Cybersecurity Requirements of the Radio Equipment Directive (RED)
Download our Webinar
The new requirements took affect in February 2022, but do not become mandatory until August 1, 2025. Although there are some exceptions for otherwise regulated categories of devices, the delegated act applies to most direct and indirect Internet-connected radio equipment, childcare products, toys, and personnel wearable data collection equipment.
Although harmonized standards for the cybersecurity requirements do not yet exist, many of our customers are engaging early with Intertek in preparation for these mandatory requirements. Our customers are leveraging our Cyber Assured services for 3rd party certification to existing state of the art Standards.
Intertek offers the complete range of evaluation, certification and assurance services to launch successful connected products. Contact us to learn more.