To enhance the cybersecurity of certain radio products in the European Union (EU) market, the European Commission has adopted a Delegated Act (Regulation (EU) 2022/30) under the RED, which takes effect on 1 August 2025.

This Delegated Act enforces the following essential requirements from Article 3 of the RED:

  • 3.3(d): Ensure network protection – radio equipment must not harm the network or its functioning nor misuse network resources.
  • 3.3(e): Incorporate safeguards to ensure the personal data and privacy of the user and subscriber are protected.
  • 3.3(f): Include features to protect against fraud

Harmonized standards:

  • UNE EN 18031-1:2025 Common security requirements for radio equipment - Part 1: Internet connected radio equipment
  • UNE EN 18031-2:2025 Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
  • UNE EN 18031-3:2025 Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value

See Radio Equipment Directive Cybersecurity Testing – EN 18031 from BSI for more details on how this might impact you.

ZEALIENCE also has good resources on this topic. See: