FAQs - Radio Equipment Directive (RED) Cybersecurity Requirements
Watch now: Cybersecurity and the RED — Find out what’s next
Listen as our technical experts discuss the RED and its cybersecurity requirements in Article 3.3, explain new updates coming from the European Commission and how it impacts connected IoT devices, and what manufacturers developing or importing connected products in the EU can do now.
Oct. 11, 2022
Ryan Webster, principal engineer, cybersecurity, UL Solutions
Joaquin Gomez-Serrano, senior product specialist, consumer, medical and Information technology, UL Solutions
As more and more connected devices enter our homes and day-to-day lives, it is becoming increasingly important that they meet a baseline of cybersecurity requirements before being put onto store shelves. Earlier this year, the European Union (EU) Commission published Delegated Regulation 2022/30, enforcing cybersecurity requirements. This regulation requires applicable products to comply with articles 3(3)(d), 3(3)(e) and/or 3(3)(f) of the Radio Equipment Directive (RED) 2014/53/EU.
This is the first major mandated cybersecurity requirement for consumer Internet of Things (IoT) products across Europe and for all manufacturers selling goods in Europe. The regulation applies from Aug. 1, 2024.
The upcoming enforcement of RED Articles 3.3 (d), (e), and (f) aims to help ensure that connected devices meet a baseline of cybersecurity requirements throughout the EU and will be seen as a benchmark for what is to come for the connected device industry globally.
In this webinar, we cover some common questions and topics encountered by industry stakeholders, such as:
- What types of devices are considered in scope for Articles (d), (e), and (f)?
- What is the impact on devices already compliant with the RED (previously mandatory articles)?
- How to prepare for compliance in the absence of formal technical requirements?
- How does the scope of the RED compare to some other consumer IoT device security standards and regulations globally?