Starting August 1, 2025, all Internet of Things (IoT) devices used in the European Union must be compliant with new cybersecurity requirements under the Radio Equipment Directive (RED) 2014/53/EU. These regulations aim to enhance the security of wireless devices, safeguarding networks, personal data, and preventing fraud. Scope of the Regulation

The new requirements apply to a wide range of IoT devices that connect to the internet or other communication networks. These include:

• Smart appliances like washing machines and refrigerators
• Wireless toys and childcare equipment
• Electric vehicle chargers
• Robot vacuum cleaners
• Wearable devices such as smartwatches

Devices covered by other specific EU cyber security regulations, such as automotive, aviation, and electronic road-toll systems, are exempt.

Key Requirements

Manufacturers must ensure their products meet several critical criteria:

1. Network Protection: Devices must include features to prevent disruption to communication networks.

2. Data Privacy: Implement measures to protect personal data from unauthorized access or transmission.

3. Fraud Prevention: Enhance user authentication and integrity controls to reduce fraud risks, especially in electronic transactions.

Compliance Process

Manufacturers need to take several steps to ensure compliance:

1. Risk Assessment: Identify potential cybersecurity vulnerabilities in their devices and address them accordingly.

2. Adhere to Standards: While harmonized standards are under development, manufacturers can refer to existing guidelines such as ETSI EN303645 or EN18031 for consumer IoT products.

3. Collaborate with Notified Bodies: Engage with Notified Bodies for conformity assessment, especially in th1. absence of finalized harmonized standards.

4. Secure Software Updates: Ensure devices can receive and verify updates securely to counter emerging threats.

How CyberWhiz can help you?

The upcoming cybersecurity requirements under the Radio Equipment Directive represent a significant step towards securing IoT devices across the EU. Manufacturers should start preparing immediately to meet the August 1, 2025, deadline, ensuring their devices comply and continue to be marketed in the European Union.

We, as CyberWhiz, can help IoT device manufacturers for their any cyber security need. Firstly, our Purple Team regulation consultant experts, who know the regulaton requirements very well, can make a gap analysis and clarify what you should change and how you should improve your security infrastructure in your designs. Secondly, our Red Team can make a vulnerability analysis and make a IoT penetration test to your existing product. And finally, our Blue Team Embedded Security experts can apply the required design changes in your embedded design. Also our Blue Team Mobile and Cloud Secuirty experts can advice you to create an holistic and optimum solution to be 100% compliance to the regulation.

We are not only making a threat analysis and risk assessment for your IoT device design infrastructure but we are providing a holistic solution for each step of compliance process.

We are One Stop Shop for IoT Cyber Security.