Helianteck_colorHelianteck
🇮🇹

Recent amendment on directive 2014/53/EU as for cybersecurity requirements

The 2014/53/EU Directive, known as RED (Radio Equipment Directive), governs the market placement, availability, and use of radio equipment in the EU. It aims to ensure high security standards, electromagnetic compatibility, and promote technological innovation while enhancing competition. RED includes within itself EMC as an essencial requirement.

Key Objectives of the RED Directive:

  • Ensuring that radio equipment does not cause harmful interference.
  • Guaranteeing the safety and health of users.
  • Supporting efficient use of radio spectrum.
  • Enabling market surveillance to prevent non-compliant products from circulating.

One of the recent amendments on RED, focuses on cybersecurity in internet-connected radio equipments. The main essential requirements of RED that are concerned about cyber aspects are:

  • Network protection and prevention of service degradation
    [Art. 3 point 3 (d)]
  • Protection of personal data and privacy [Art. 3 point 3 (e)]
  • Protection from fraud [Art. 3 point 3 (f)]

Regulation (EU) 2022/30 and 2023/2444

Delegated Regulation (EU) 2022/30 enhances cybersecurity requirements within the RED Directive by setting stricter data protection measures across all internet-connected radio equipments in the EU.

Why these updates matter?

  • Protects consumers from identity theft, fraud, and data breaches.
  • Enforces secure design principles for manufacturers, requiring:
    • Secure software updates.
    • Data protection in storage and transmission.
    • Strong authentication and access controls.
  • Aligns with GDPR and in particular with the EU 2019/881 Cybersecurity Act to ensure a secure digital environment.

Key Provisions

Article 1: Security Obligations

Applies to all radio equipment capable of internet connectivity, directly or via other devices. The complete list of requirements for each category is shown in the following table.

Article 2: Exemptions

Article 3: Enforcement Timeline

  • Regulation entered into force on 12nd January 2022.
  • Compliance deadline for manufacturers, extended under Regulation EU 2023/2444: 1st August 2025

Avoid suprises.

Copyright © 2022-2024 Semmel S.R.L.