5 PDF documents in your ZIP

Each document covers a specific obligation under Directive 2014/53/EU and Delegated Regulation (EU) 2022/30. Each one cites the exact articles that underpin its content.

⚖

Product Classification and Scope

Under Art. 1 of Delegated Reg. (EU) 2022/30 and Arts. 1–2 of Directive 2014/53/EU. Determines whether your radio equipment is subject to Arts. 3(3)(d), (e) and/or (f), identifies the exemptions under Art. 2 of the Delegated Reg. and establishes the applicable conformity procedure under Art. 17.

📄

Cybersecurity Technical Documentation

Under Art. 21 and Annex V of Directive 2014/53/EU. Covers the applicable cybersecurity requirements: access control, authentication, password management, secure communications, software integrity, secure updates, vulnerability management, event logging and personal data protection.

🛡

Cybersecurity Risk Assessment

Mapping of the requirements under Arts. 3(3)(d), (e) and (f) activated by Delegated Reg. (EU) 2022/30. Assessment of implementation status against the categories of EN 18031-1 (network), EN 18031-2 (data) and EN 18031-3 (fraud) as applicable.

✅

EU Declaration of Conformity

Under Art. 18 and Annex VI of Directive 2014/53/EU. Document signed by the manufacturer declaring that the radio equipment meets the essential requirements of Art. 3, including the cybersecurity requirements of Arts. 3(3)(d), (e) and (f). Basis for CE marking (Arts. 19–20).

🏷

Simplified Declaration + Printable Label

Under Art. 10(9) and Annex VII of Directive 2014/53/EU. Short-form declaration that physically accompanies the product and includes the URL where the buyer can access the full declaration. Includes a printable label with QR code.

What REDCheck covers

Delegated Regulation (EU) 2022/30 activates three essential cybersecurity requirements under Directive 2014/53/EU for specific categories of radio equipment. REDCheck generates the technical documentation for all of them.

IN SCOPE

Radio equipment covered by Delegated Reg. (EU) 2022/30

REDCheck generates cybersecurity technical documentation for any radio equipment subject to Arts. 3(3)(d), (e) and/or (f). Applies to manufacturers (Art. 10), importers (Art. 12) and distributors (Art. 13) under Directive 2014/53/EU.

Routers, modems, access points, mesh WiFi, repeaters
IP cameras, video doorbells, video surveillance systems
Smart speakers, voice assistants, smart TVs, set-top boxes
Smartphones, tablets, laptops with WiFi, e-readers
Smartwatches, fitness trackers, Bluetooth headphones, wearables
Industrial IoT sensors, gateways, PLCs with radio, smart meters
Baby monitors, WiFi/BLE toys, children's GPS watches
NFC payment terminals, devices with money transfer capabilities
Drones with radio, GPS trackers, connected appliances

EXEMPT

Products excluded from scope

These categories fall outside the scope of Delegated Reg. (EU) 2022/30 because they are already regulated by other EU sectoral legislation covering cybersecurity aspects.

Medical devices (Reg. 2017/745) and in vitro diagnostics (Reg. 2017/746) — Art. 2(1) of the Delegated Reg.
Civil aviation (Reg. 2018/1139) — Art. 2(2)(a) of the Delegated Reg. [Arts. 3(3)(e)(f) only]
Vehicles and their components (Reg. 2019/2144) — Art. 2(2)(b) of the Delegated Reg. [Arts. 3(3)(e)(f) only]
Electronic road tolling (Dir. 2019/520) — Art. 2(2)(c) of the Delegated Reg. [Arts. 3(3)(e)(f) only]
Radio equipment used exclusively for defense, state security or public safety activities (Art. 1(3) of the Directive)
Radio equipment with no internet connection (direct or indirect) — does not trigger Art. 3(3)(d)

REQUIRES EXTRA ATTENTION

Products that need a Notified Body

These radio equipment types fall within the scope of the Delegated Reg. but their conformity procedure requires involvement of a Notified Body under Art. 17(4) of the Directive. REDCheck generates the base documentation; the third-party assessment is a separate step.

Equipment applying EN 18031 standards only partially — Module B+C (Annex III) or Module H (Annex IV)
Equipment for which no applicable harmonised standards exist — Module B+C or H required (Art. 17(4))
Equipment whose EN 18031 implementation falls under the restrictions of Implementing Decision (EU) 2025/138 (e.g., allows user to skip password setup)

Not sure about your case? Take the free test first. If REDCheck is not the right tool for your product, we tell you before you buy.

Who buys REDCheck

Manufacturers (Art. 10), importers (Art. 12) and distributors (Art. 13) of internet-connected radio equipment sold in the EU.

📡European IoT device manufacturer (industrial sensors, smart home, wearables, IP cameras) selling in the EU market. Needs cybersecurity technical documentation + risk assessment + declaration of conformity before affixing CE marking. 8–30 employees, no dedicated regulatory team. €99 vs. €5,000–20,000 at a Notified Body.

🌍Non-EU manufacturer (China, Taiwan, South Korea, India, USA) selling routers, smart plugs, cameras or wearables to European buyers or on Amazon EU. Their EU importer requires cybersecurity documentation under Art. 12(2). €99 vs. losing an entire European distribution channel.

📦EU importer: a company that places radio equipment manufactured in third countries on the European market. Art. 12: before marketing, must verify that the manufacturer has carried out the conformity assessment and that technical documentation covering cybersecurity requirements exists.

🛒Amazon, eBay or Shopify seller marketing consumer electronics with WiFi/BLE in the EU. If you place the product on the market under your own brand, you are the manufacturer under the Directive (Art. 14). You need the documentation right now to keep your listings active.

📊Compliance manager at a mid-to-large company with a broad catalog of connected radio equipment. Needs to document all products before August 1, 2025. The Professional Pack is the solution: €999 for 70 generations.

💼Cybersecurity consultant or law firm looking to offer “RED cybersecurity compliance” as a service to clients. Buy REDCheck as an internal tool and invoice the service.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are “effective, proportionate and dissuasive,” including criminal penalties for serious infringements. Market surveillance authorities can order withdrawal, prohibition and recall.

🛡 Market withdrawal and sales prohibition

Market surveillance authorities can require the economic operator to withdraw the radio equipment from the market, prohibit its sale or order a recall if the product fails to meet the essential requirements of Art. 3 — including the cybersecurity requirements activated by Delegated Reg. (EU) 2022/30. Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU. Applies in any EU Member State.

💰 National administrative and criminal penalties

Each Member State sets its own penalties under Art. 46. Example: Germany — the Produktsicherheitsgesetz provides for fines of €3,000 to €30,000 (§ 19) and up to 1 year of imprisonment for serious offenses (§ 20). Art. 46 explicitly requires that penalties “may include criminal penalties for serious infringements.” The exact amount depends on the Member State and the severity of the breach.

⚠ Marketplace listing removal

Amazon, eBay and other European marketplaces require conformity documentation as a condition to maintain an active listing. Without an EU declaration of conformity covering Arts. 3(3)(d), (e) and (f), the product may be suspended or removed from the platform. The most immediate practical consequence for consumer electronics sellers: revenue loss from listing suspension, with no right to compensation.

How your license works

No fine print. Read this before buying so you know exactly what you get for €99.

1 license = 1 radio equipment product. You pay €99 per product. For a different product, a different license. The license is permanently linked to the radio equipment you describe in the generator.

Up to 10 ZIP regenerations to correct data, adjust the product classification or update technical information. Plenty of room to edit at your own pace.

30-day editing window from the first activation. Within that period, you can regenerate all 5 documents as many times as needed (up to 10).

Downloaded PDFs are yours forever. The 5 PDF documents you download in the ZIP do not expire, do not depend on any active subscription and require no renewal. What the license limits is regeneration, not use of the document.

Legal basis: In accordance with Art. 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the license, the buyer gives express consent to the immediate generation of digital content, waiving the 14-day right of withdrawal for digital content whose execution has begun.

REDCheck vs. the alternatives

Compare the four models available in the market to document radio equipment under Delegated Regulation (EU) 2022/30.

Criteria	Notified Body / Lab	Enterprise SaaS	Free resources	REDCheck
Price	€5,000 – 20,000 per product	€4,000/year (subscription)	€0 (fragmented)	€99 per product (one-time payment)
Turnaround time	2 – 6 months (queue wait)	3 weeks (with onboarding)	Variable (you assemble it all)	30 minutes
Documents generated	Variable depending on scope	Variable depending on plan	Cheat sheets, no formal documentation	5 PDF documents in ZIP
Article coverage	Customized	Full EN 18031	Partial	Arts. 3(3)(d)(e)(f) · Art. 17 · Art. 18 + Anexo VI · Art. 21 + Anexo V · Art. 10.9 + Anexo VII
Chip independence	Yes	Yes	Some ESP32 only	Any radio chip/platform
Data in browser	Your data goes to the lab	Your data goes to their servers	Local (manual)	100% browser-side · Zero data to server
Business model	Per-project engagement	Annual recurring subscription	No commitment	One-time payment with no renewal or subscription

Price ranges based on published rates from Notified Bodies (TÜV, SGS, Intertek, Bureau Veritas) and IoT cybersecurity SaaS platforms. No specific brands cited.

Why REDCheck is structurally different

It's not that it's cheaper. The model is different.

GUIDED SELF-ASSESSMENT

The manufacturer assesses, REDCheck structures

Directive 2014/53/EU establishes that technical documentation is the manufacturer's responsibility (Art. 10(1), 10(3)). REDCheck inverts the consulting model: you, as the manufacturer, assess your own product requirement by requirement, guided by the generator's questions that map to the EN 18031 categories. REDCheck structures your assessment into 5 professional documents compliant with Annex V.

BROWSER-SIDE

Your product data never leaves your browser

REDCheck is JavaScript running on your machine. There is no server processing your product data, no database, no storage. The generation of all 5 PDFs happens locally and you download the ZIP directly. You can disconnect from the internet after the page loads and the generator keeps working. GDPR-native by design.

PORTABILITY

Downloaded PDFs are yours, no subscription

The 5 documents you download do not depend on any active subscription. SaaS compliance platforms force you to renew to maintain access to your reports. Here, the ZIP is a portable package that outlasts your commercial relationship with us. The manufacturer must retain technical documentation for 10 years (Art. 10(4)): your PDFs comply without paying another cent.

Choose your REDCheck license

Without cybersecurity technical documentation under Art. 21, your radio equipment cannot bear CE marking or be legally marketed in the EU from August 1, 2025. One license per product. One-time payment. No subscription.

1 PRODUCT

99 €

/ product

✔ 5 PDF documents in ZIP

✔ Cybersecurity Technical Doc. (Annex V)

✔ Risk assessment Arts. 3(3)(d)(e)(f)

✔ EU Declaration of Conformity (Anexo VI)

✔ 10 regenerations · 30 days

Buy license →

PROFESSIONAL PACK

999 €

70 generations · 1 key

For multi-product catalogs

✔ 70 generations with one key

✔ 70 complete dossiers (5 documents each)

✔ Ideal for companies with product portfolios

✔ For consultants billing RED compliance

✔ Switch products between generations

Buy Professional Pack →

More than 70 products? — hello@solidwaretools.com
All prices include VAT where applicable. Secure payment via Gumroad.

✔ 100% browser-side (GDPR-native)

✔ No subscription or renewal

✔ Articles and annexes cited in every PDF

✔ Generator updated with regulatory changes

✔ Printable label with QR code

✔ Technical support by email

Important notice on product scope. REDCheck generates cybersecurity technical documentation under Art. 21 and Annex V of Directive 2014/53/EU. It is not a third-party audit. It does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

For manufacturers fully applying the EN 18031 standards, self-declaration (Module A, Annex II) is the standard procedure. For manufacturers partially applying or not applying the harmonised standards, Module B+C (Annex III) or Module H (Annex IV) are mandatory. In both cases, REDCheck generates the technical documentation that is a prerequisite for any conformity procedure.

Temporal scope: REDCheck v1.0 covers the cybersecurity requirements of Arts. 3(3)(d), (e) and (f) activated by Delegated Reg. (EU) 2022/30, in effect from 1 August 2025 to 11 December 2027. From 11 December 2027, these requirements will be absorbed by the Cyber Resilience Act — Reg. (EU) 2024/2847. We offer CRACheck for that phase.

What REDCheck guarantees and what it does not

Commercial honesty about product scope and how refunds work for downloadable digital content.

Guarantees and liability

REDCheck generates a set of structured documents under Art. 21 and Annex V of Directive 2014/53/EU, based on the information that you, as the manufacturer of the radio equipment, enter. The accuracy, completeness and truthfulness of that information is your responsibility as manufacturer under Art. 10(1).

We guarantee that the document structure follows Annex V and Annex VI, and that the legal references cited (articles, annexes, obligations) are correct as of the last verification date. We do not guarantee that a specific dossier will be accepted by a market surveillance authority in a particular case or by a Notified Body.

REDCheck is not legal advice. For specific situations (open inspection, initiated penalty procedure, third-party conformity assessment), consult a lawyer or a consultancy specializing in IoT cybersecurity.

Refund policy

REDCheck is digital content delivered via download of the ZIP file containing the 5 PDF documents generated in your browser. Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, the right of withdrawal does not apply to digital content whose execution has begun with the express consent of the buyer. The ZIP generation constitutes the act of delivery.

Refund for technical failure: if the software fails (generator error, PDF that does not download, reproducible bug), we issue a full refund upon receipt of a screenshot of the error sent to hello@solidwaretools.com within 14 days of purchase.

No refund for change of mind once the license has been activated and the ZIP generated, in accordance with Art. 16(m) cited above.

Frequently asked questions

What are the RED cybersecurity requirements?▼

Art. 3(3) of Directive 2014/53/EU (Radio Equipment Directive) sets additional essential requirements for certain categories of radio equipment. Delegated Regulation (EU) 2022/30 activated three of those requirements — Art. 3(3)(d) network protection, Art. 3(3)(e) personal data and privacy protection, and Art. 3(3)(f) fraud protection — for internet-connected radio equipment, wearables, radio toys and childcare equipment. They are mandatory from 1 August 2025.

Is my product affected?▼

If your product is radio equipment capable of communicating over the internet (directly or indirectly), it is subject to Art. 3(3)(d) under Art. 1(1) of Delegated Reg. (EU) 2022/30. If it also processes personal data (Art. 4(1) of GDPR) or traffic/location data (Art. 2 of Dir. 2002/58/EC), Art. 3(3)(e) also applies. If it enables money or monetary value transfers, Art. 3(3)(f) applies. Exempt: medical devices, aviation, vehicles and electronic road tolling.

What are the EN 18031 standards?▼

These are the three European harmonised technical standards that detail HOW to comply with the Directive's cybersecurity requirements: EN 18031-1:2024 (network protection, Art. 3(3)(d)), EN 18031-2:2024 (personal data, Art. 3(3)(e)) and EN 18031-3:2024 (fraud, Art. 3(3)(f)). They were published in Implementing Decision (EU) 2025/138. If your product fully follows them, you get “presumption of conformity” (Art. 16) and can use self-declaration (Module A) without needing a Notified Body.

Does REDCheck replace a Notified Body?▼

No. REDCheck generates the technical documentation that the manufacturer must prepare under Art. 21. If you fully apply the EN 18031 standards, you can self-declare conformity via Module A (Annex II) and do not need a Notified Body. If you partially apply or do not apply the harmonised standards, Art. 17(4) requires Module B+C (Annex III) or Module H (Annex IV) with Notified Body involvement. In both cases, the generated documentation is a prerequisite.

How does it relate to the CRA (Cyber Resilience Act)?▼

Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when Regulation (EU) 2024/2847 (Cyber Resilience Act) enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For products that need CRA documentation from that date, we offer CRACheck. Both products are complementary: REDCheck for the present, CRACheck for the future.

Is my data secure?▼

Yes. All processing happens 100% in your browser. No data about your company, your radio equipment, its technical characteristics or your risk assessment is transmitted to any SolidwareTools server or third party. You can disconnect from the internet after the page loads and the generator keeps working. When you close the tab, the information disappears. GDPR-native by design, not by claim.

Does it work if I operate from outside the EU?▼

Yes. Directive 2014/53/EU applies to any radio equipment made available on the EU market, regardless of where it is manufactured. If you sell radio equipment to European buyers, or if an EU importer markets your products in Europe, you need to comply. Importers are required to verify that the manufacturer has carried out the conformity assessment and that technical documentation exists before placing the product on the market (Art. 12(2)).

Is there a subscription or recurring fees?▼

No. Each tool is a one-time payment per radio equipment product. No monthly fees, no auto-renewals, no commitment. The 5 downloaded PDF documents are permanent and yours forever. Each license covers one product with a 30-day editing window and up to 10 regenerations to correct data or update details. After that period the license closes, but the PDFs you already downloaded remain valid indefinitely.

Can I request a refund?▼

Digital products are governed by Art. 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the license in the generator and expressly confirming document generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. No refunds for change of mind once the license is activated. Refunds are accepted for reproducible technical failures (generator error, PDF that does not download, verifiable bug) by sending a screenshot of the error to hello@solidwaretools.com within 14 calendar days of purchase.

What if the regulation changes?▼

If Directive 2014/53/EU, Delegated Reg. (EU) 2022/30 or the EN 18031 standards change during your license validity period (30 days), you can regenerate the documents with the updated version of the generator at no additional cost. Generator updates are free and the latest version is always available with the same license key. SolidwareTools monitors the OJEU and EUR-Lex weekly to ensure this product reflects current regulation.

Cybersecurity documentation for your radio equipment under Directive 2014/53/EU and Delegated Regulation (EU) 2022/30.