{"id":26758,"date":"2025-07-23T08:14:19","date_gmt":"2025-07-23T07:14:19","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=26758"},"modified":"2025-07-23T12:48:51","modified_gmt":"2025-07-23T11:48:51","slug":"radio-equipment-directive-a-first-step-toward-securing-european-connected-products","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/","title":{"rendered":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b"},"content":{"rendered":"\n<p aria-level=\"4\"><b><span data-contrast=\"none\">The internet of Things (IoT)<\/span><\/b><span data-contrast=\"none\"> is a rapidly growing sector, with increasing adoption across a wide range of domains. From production plants (industry 4.0) to homes (smart home systems) and even the devices we wear (such as smartphones and smartwatches), connected objects are becoming omnipresent in our daily lives.<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:120}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The Radio Equipment Directive (RED) establishes a European framework for <\/span><b><span data-contrast=\"auto\">regulating all equipment that communicates via radio waves. <\/span><\/b><span data-contrast=\"auto\">This includes any device using technologies such as Wi-Fi, Bluetooth, LoRaWAN, or cellular networks like 4G and 5G.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">In this context, <\/span><b><span data-contrast=\"auto\">August 1<\/span><\/b><b><span data-contrast=\"auto\">st<\/span><\/b><b><span data-contrast=\"auto\"> 2025, marks a key milestone:<\/span><\/b><span data-contrast=\"auto\"> from that date onward, the RED\u2019s cybersecurity requirements will become mandatory! Economic operators (including manufacturers, importers and distributors) who fail to comply with these obligations may face sanctions ranging from the withdrawal of their products from the EU market to significant administrative fines, depending on the applicable legislation in each member state.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">This article aims to break down the directive and highlight the key takeaways. If you are behind in your compliance efforts, you will also find guidance here on how to get started!<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h1><span data-contrast=\"none\">RED explained: What you need to know<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:540,&quot;335559738&quot;:240,&quot;335559739&quot;:360,&quot;335559991&quot;:539}\">\u00a0<\/span><\/h1>\n<p><b><span data-contrast=\"auto\">Adopted in June 2014,<\/span><\/b><span data-contrast=\"auto\"> the RED (2014\/53\/EU) aims to standardize the marketing of radio equipment within the EU. Its primary objective is to ensure that devices that transmit or receive radio waves (such as smartphones and Wi-Fi routers) comply with health, safety, electromagnetic compatibility, and efficient use of the radio spectrum requirements.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">However, <\/span><b><span data-contrast=\"auto\">it was not until 2022 that cybersecurity was integrated into the RED<\/span><\/b><span data-contrast=\"auto\">, nearly eight years after its creation. The introduction of delegated act 2022\/30 marked a new phase by adding specific requirements aimed at enhancing the resilience of radio equipment against digital threats.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-26798 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo1-1.png\" alt=\"\" width=\"635\" height=\"307\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo1-1.png 1141w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo1-1-395x191.png 395w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo1-1-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo1-1-768x372.png 768w\" sizes=\"auto, (max-width: 635px) 100vw, 635px\" \/><\/p>\n<h1>Scope of application of RED\u00a0<\/h1>\n<h2><span data-contrast=\"none\">Definition of radio equipment<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">According to Article 2.11 of the RED, radio equipment is defined as:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">\u201cAn electrical or electronic product that intentionally emits and\/or receives radio waves for the purpose of radio communication and\/or radio navigation\u201d<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Specifically, this includes any device that uses wireless communication protocols such as Wi-Fi, Bluetooth, Zigbee, LTE, 5G, NFC, or LoRa to transmit or receive data via the radio spectrum.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">These technologies form the basis of many everyday devices, particularly in the fields of home automation and the Internet of Things (IoT). The RED directive therefore covers a very wide range of products.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Sectors excluded from the scope<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The RED directive does not apply to all radio equipment. Some categories are explicitly excluded from its scope, particularly for reasons of sovereignty, specific regulatory frameworks, or usage contexts.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Sectors subject to their own regulations:<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul>\n<li><b><span data-contrast=\"auto\">Marine equipment:<\/span><\/b><span data-contrast=\"auto\"> excluded are devices already covered by the Marine Equipment Directive (MED)<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Aeronautical equipment:<\/span><\/b><span data-contrast=\"auto\"> excluded are devices already regulated under the Common Rules in the Field of Civil Aviation (CRFCA)<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Automotive equipment:<\/span><\/b><span data-contrast=\"auto\"> excluded are devices already subject to the New General Safety Regulation (GSR <\/span><span data-contrast=\"auto\">II<\/span><span data-contrast=\"auto\">)<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Defense and public security:<\/span><\/b><span data-contrast=\"auto\"> devices used by national authorities within the scope of national defense or any public security activity<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><strong>Equipment for non-commercial purposes:\u00a0<\/strong><\/p>\n<ul>\n<li><b><span data-contrast=\"auto\">Customized research equipment (R&amp;D): <\/span><\/b><span data-contrast=\"auto\">tailored for experimental purposes, not intended for commercial use<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Amateur radio equipment:<\/span><\/b><span data-contrast=\"auto\"> when not commercially available but built and used by amateurs in a non-commercial setting<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-26780 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo2.png\" alt=\"\" width=\"1416\" height=\"502\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo2.png 1416w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo2-437x155.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo2-71x25.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo2-768x272.png 768w\" sizes=\"auto, (max-width: 1416px) 100vw, 1416px\" \/><\/p>\n<h1><span data-contrast=\"none\">Economic operators subject to the directive and their responsibilities<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:540,&quot;335559738&quot;:240,&quot;335559739&quot;:360,&quot;335559991&quot;:539}\">\u00a0<\/span><\/h1>\n<p><span data-contrast=\"auto\">The RED directive does not concern only manufacturers of radio equipment. It applies to the entire supply chain, from design to market placement. Each economic operator plays a key role in ensuring product compliance, safety and reliability. To this end, RED defines separate requirements for three main categories of actors: manufacturers, importers and distributors.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">It is important to emphasize that the same company may fulfil several of these roles at once, and that this may vary for the same company from one product range to another.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Manufacturers<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The manufacturer is on the front line. They are the ones who design, produce or brand an eligible product. They are therefore responsible for most of the actions required to bring products into compliance with RED. They must:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">Ensure that the product complies with the essential requirements of the RED<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Ensure that the product remains compliant in the event of modifications<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">When appropriate given the risks, carry out sample testing, keep a test record and keep distributors informed of the test history<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Carry out or have carried out a conformity assessment<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Provide an EU declaration of conformity<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Affix the CE marking<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Prepare the technical documentation and user instructions and retain them for 10 years<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Withdraw or even recall a product from the market in case of non-compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Communicate with the authorities in the event of non-compliance or upon request<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<h2><span data-contrast=\"none\">Importers<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">When a product is manufactured outside the EU, the importer is responsible for transporting it from its country of origin to the EU. The importer becomes responsible for its compliance when it enters the European market. The importer must:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">When appropriate given the risks, perform sample testing, maintain a record of the tests and inform distributors of the test history<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Ensure that product storage and transport conditions do not compromise compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Verify that the manufacturer has used an approved certification method<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Check for the presence of the CE marking<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Ensure that the technical documentation, declaration of conformity and user instructions are compliant, and retain a copy for 10 years<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Withdraw or recall a product from the market in case of non-compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Communicate with the manufacturer and relevant authorities in case of identified non-compliance or upon request<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<h2><span data-contrast=\"none\">Distributors<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The distributors is the operator who makes the product available on the market to the customer or end user. They have a duty of care regarding the work carried out upstream by the manufacturer and importer. They must:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">Ensure that storage and transport conditions do not compromise product compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Verify the presence of the CE marking and the availability of an EU declaration of conformity<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Ensure that the technical documentation and user instructions are compliant<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Withdraw or recall a product from the market in case of non-compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Communicate with the manufacturer, importer and competent authorities in case of identified non-compliance or upon request<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-26778 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo3.png\" alt=\"\" width=\"1447\" height=\"465\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo3.png 1447w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo3-437x140.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo3-71x23.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo3-768x247.png 768w\" sizes=\"auto, (max-width: 1447px) 100vw, 1447px\" \/><\/p>\n<h1><span data-contrast=\"none\">Key cybersecurity requirements under RED<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:540,&quot;335559738&quot;:240,&quot;335559739&quot;:360,&quot;335559991&quot;:539}\">\u00a0<\/span><\/h1>\n<p><span data-contrast=\"auto\">In 2022, RED introduced 4 essential cybersecurity requirements. These requirements are subject to eligibility criteria based on the characteristics of the product and are therefore not applicable to all devices. Rather than prescribing a fixed list of security measures to implement, the requirements represent broader security concepts to be integrated into product design.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Network security<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><b><span data-contrast=\"auto\">Eligibility criteria:<\/span><\/b><span data-contrast=\"auto\"> Applies to all devices connected to the Internet, either directly or indirectly. These measures are designed to prevent such devices from compromising network stability or performance.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Cyber requirements:<\/span><\/b><span data-contrast=\"auto\"> On the one hand, equipment must be designed to use the radio spectrum efficiently, without causing harmful interference. This ensures seamless coexistence between different devices without interference or disruption. On the other hand, they must not be capable of degrading, disrupting or hijacking network operations.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Protection of personal data<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><b><span data-contrast=\"auto\">Eligibility criteria:<\/span><\/b><span data-contrast=\"auto\"> Applies only to equipment that processes personal data. It aims to ensure user privacy.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Cyber requirements:<\/span><\/b><span data-contrast=\"auto\"> Devices must incorporate data protection mechanisms such as encryption to prevent unauthorized access. This involves securing information not only in transit but also during storage.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Protection against fraudulent use<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><b><span data-contrast=\"auto\">Eligibility criteria:<\/span><\/b><span data-contrast=\"auto\"> Specifically applies to equipment involved in money transfers, such as payment terminals or certain smartphones. This aims to limit the risk of fraud via this equipment.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Cyber requirements:<\/span><\/b><span data-contrast=\"auto\"> The regulation requires the integration of anti-fraud features, without prescribing a single solution. Among the possible approaches, multi-factor authentication (MFA) can be an effective measure, adding an extra layer of security during transactions. However, other mechanisms may also be considered depending on the context of use and the level of risk identified.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Software authenticity<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><b><span data-contrast=\"auto\">Eligibility criteria:<\/span><\/b><span data-contrast=\"auto\"> Applies to all equipment. The goal is to prevent the installation or execution of unauthorized software on a given device.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">Cyber requirements: <\/span><\/b><span data-contrast=\"auto\">Implement features that verify the software and hardware combination prior to any installation. This may include secure boot, signature\/certificate verification, hash checking or any other method ensuring authenticity.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-26772 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo4.png\" alt=\"\" width=\"1486\" height=\"534\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo4.png 1486w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo4-437x157.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo4-71x26.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/red_vo4-768x276.png 768w\" sizes=\"auto, (max-width: 1486px) 100vw, 1486px\" \/><\/p>\n<h1><span data-contrast=\"none\">Steps to ensure compliance with RED<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:540,&quot;335559738&quot;:240,&quot;335559739&quot;:360,&quot;335559991&quot;:539}\">\u00a0<\/span><\/h1>\n<h2><span data-contrast=\"none\">Methods for ensuring compliance<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Compliance with RED directive can quickly become a complex exercise, particularly when it comes to identifying the applicable cybersecurity requirements. To this end, CENELEC published RED related harmonized standard <\/span><b><span data-contrast=\"auto\">EN 18031<\/span><\/b><span data-contrast=\"auto\"> in early 2025. This standard clarifies the requirements and provides an official framework for RED compliance.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">However, it is important to emphasize that the use of EN 18031 is not mandatory. Certifying a product as compliant with EN 18031 is only one of the ways to achieve conformity with RED. <\/span><b><span data-contrast=\"auto\">A decision tree <\/span><\/b><span data-contrast=\"auto\">provided by RED allows for determining (depending on the product), which conformity assessment method is permitted. One of these methods is <\/span><b><span data-contrast=\"auto\">self-assessment<\/span><\/b><span data-contrast=\"auto\">, meaning a self-evaluation of compliance with the essential requirements, provided that the technical measures implemented and the associated justifications are thoroughly documented.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span class=\"TextRun SCXW186372115 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW186372115 BCX0\">However, these tools (EN 18031 and decision trees), although <\/span><span class=\"NormalTextRun SCXW186372115 BCX0\">very <\/span><span class=\"NormalTextRun SCXW186372115 BCX0\">useful<\/span> <span class=\"NormalTextRun SCXW186372115 BCX0\">remain complex to implement due to a margin for interpretation<\/span><span class=\"NormalTextRun SCXW186372115 BCX0\"> left on some aspects<\/span><span class=\"NormalTextRun SCXW186372115 BCX0\">.<\/span><\/span><\/p>\n<h2><span data-contrast=\"none\">Standard procedure for manufacturers<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:539,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559991&quot;:850}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Based on Wavestone\u2019s experience in cybersecurity compliance projects related to regulations and more specifically regulations targeting products, we offer a framework structured around 10 key steps:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ol>\n<li><b><span data-contrast=\"auto\">Inventory:<\/span><\/b><span data-contrast=\"auto\"> Conduct an inventory of radio equipment marketed in the EU that does not fall under excluded sectors<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Requirements<\/span><\/b><span data-contrast=\"auto\">: Apply product specific eligibility criteria to identify the applicable essential requirements\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Strategy:<\/span><\/b><span data-contrast=\"auto\"> Use the decision tree to identify possible certification methods and validate the chosen strategy for each product based on risk<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Framework:<\/span><\/b><span data-contrast=\"auto\"> Specify (EN 18031) or interpret (legal text) the applicable framework by translating it into concrete, auditable security control points<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Gaps:<\/span><\/b><span data-contrast=\"auto\"> Compare the current state of products and processes against the control points of the chosen framework to develop a remediation plan<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Remediation:<\/span><\/b><span data-contrast=\"auto\"> Implement the remediation plan at both the product and cross-functional levels to ensure long-term compliance<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Documentation:<\/span><\/b><span data-contrast=\"auto\"> Document and justify the decisions made and actions taken with respect to RED and\/or EN 18031 requirements<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Instructions:<\/span><\/b><span data-contrast=\"auto\"> Document best usage practices and safety instructions to ensure operation in compliance with the requirements<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Self-assessment \/ Third-party certification:<\/span><\/b><span data-contrast=\"auto\"> Conduct a self-assessment or an audit via a certification body depending on the chosen strategy<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">Communication:<\/span><\/b><span data-contrast=\"auto\"> Affix the CE marking and liaise with authorities and other involved economic operators<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ol>\n<h1><span data-contrast=\"none\">Positioning of RED within the cybersecurity regulatory framework for connected products<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:540,&quot;335559738&quot;:240,&quot;335559739&quot;:360,&quot;335559991&quot;:539}\">\u00a0<\/span><\/h1>\n<p><span data-contrast=\"auto\">The RED directive and the Cyber Resilience Act (CRA) clearly operate within a shared regulatory domain. For readers not yet familiar with the CRA a detailed analysis is available <\/span><a href=\"https:\/\/www.riskinsight-wavestone.com\/2024\/09\/cyber-resilience-act-une-revolution-qui-redefinit-la-securite-des-produits-et-transforme-lecosysteme\/\"><span data-contrast=\"none\">here<\/span><\/a><span data-contrast=\"auto\">. The scope of application of the RED is included in the CRA and the essential requirements of the CRA go beyond what is established by the RED. In this sense, compliance with the CRA implies compliance with the RED. As the CRA is set to become fully applicable in December 2027, there are ongoing discussions at the European level regarding the possibility that RED\u2019s cybersecurity requirements may only remain in force until that date, with the CRA subsequently taking over. While such a transition would indeed be coherent, no official communication has been issued to that effect as of today.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Nevertheless, achieving compliance with the RED as of now enables companies to effectively prepare for the implementation of the CRA. Both regulatory frameworks are based on similar compliance approaches and the harmonised standards for the CRA are currently being drafted by CENELEC, the same body that developed EN 18031, the harmonised standard under the RED.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">While RED compliance will become mandatory as of August 2025, it should also be viewed as a strategic opportunity to prepare for the CRA and future European regulatory requirements concerning product cybersecurity.<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The internet of Things (IoT) is a rapidly growing sector, with increasing adoption across a wide range of domains. From production plants (industry 4.0) to homes (smart home systems) and even the devices we wear (such as smartphones and smartwatches),&#8230;<\/p>\n","protected":false},"author":1499,"featured_media":26755,"comment_status":"open","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3977],"tags":[],"coauthors":[4499,4686],"class_list":["post-26758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-focus"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"The internet of Things (IoT) is a rapidly growing sector, with increasing adoption across a wide range of domains. From production plants (industry 4.0) to homes (smart home systems) and even the devices we wear (such as smartphones and smartwatches),...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-23T07:14:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-23T11:48:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nicolas PONTOIS, Nayer MANKARIOUS\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicolas PONTOIS, Nayer MANKARIOUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\"},\"author\":{\"name\":\"Madeline Salles\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ff9185abd0574dc00c0e378146212b8\"},\"headline\":\"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b\",\"datePublished\":\"2025-07-23T07:14:19+00:00\",\"dateModified\":\"2025-07-23T11:48:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\"},\"wordCount\":1919,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg\",\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Focus\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\",\"name\":\"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg\",\"datePublished\":\"2025-07-23T07:14:19+00:00\",\"dateModified\":\"2025-07-23T11:48:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ff9185abd0574dc00c0e378146212b8\",\"name\":\"Madeline Salles\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/madeline-salles\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/","og_locale":"en_US","og_type":"article","og_title":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight","og_description":"The internet of Things (IoT) is a rapidly growing sector, with increasing adoption across a wide range of domains. From production plants (industry 4.0) to homes (smart home systems) and even the devices we wear (such as smartphones and smartwatches),...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/","og_site_name":"RiskInsight","article_published_time":"2025-07-23T07:14:19+00:00","article_modified_time":"2025-07-23T11:48:51+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg","type":"image\/jpeg"}],"author":"Nicolas PONTOIS, Nayer MANKARIOUS","twitter_misc":{"Written by":"Nicolas PONTOIS, Nayer MANKARIOUS","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/"},"author":{"name":"Madeline Salles","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ff9185abd0574dc00c0e378146212b8"},"headline":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b","datePublished":"2025-07-23T07:14:19+00:00","dateModified":"2025-07-23T11:48:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/"},"wordCount":1919,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg","articleSection":["Cybersecurity &amp; Digital Trust","Focus"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/","name":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg","datePublished":"2025-07-23T07:14:19+00:00","dateModified":"2025-07-23T11:48:51+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2025\/07\/robin-glauser-zP7X_B86xOg-unsplash-scaled.jpg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2025\/07\/radio-equipment-directive-a-first-step-toward-securing-european-connected-products\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"\u200b\u200bRadio Equipment Directive: A first step toward securing European connected products\u200b"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ff9185abd0574dc00c0e378146212b8","name":"Madeline Salles","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/madeline-salles\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/26758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1499"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=26758"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/26758\/revisions"}],"predecessor-version":[{"id":26800,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/26758\/revisions\/26800"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/26755"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=26758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=26758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=26758"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=26758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}