Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You manufacture wearables in the United States and plan to sell in Europe. Art. 3(3)(e) applies to your product even if it only uses BLE and has no internet connection. If it also connects to the internet, Art. 3(3)(d) applies too. That is a double cybersecurity requirement — and it starts on 1 August 2025.

You build fitness trackers, smartwatches or health monitors with BLE and WiFi. Your EU launch is planned for Q3 2025. Art. 1(2)(d) of Delegated Regulation (EU) 2022/30: wearable radio equipment that processes personal data must comply with Art. 3(3)(e) REGARDLESS of whether it has an internet connection. And if your wearable connects to the internet via a smartphone app, Art. 3(3)(d) also applies. A consultancy quotes $18,000 per model. REDCheck generates the 5 PDF documents. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my wearable need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

EU cybersecurity requirements for wearables: the numbers

Wearables are a special category under Delegated Regulation (EU) 2022/30. Art. 1(2)(d) applies Art. 3(3)(e) even without internet connection. Unique among product categories.

Art. 1(2)(d)
Wearables trigger Art. 3(3)(e) even WITHOUT internet. BLE-only wearables processing personal data are in scope.
Double requirement
If the wearable also connects to the internet: Art. 3(3)(d) + Art. 3(3)(e)
€99
Cost per model. Same documentation whether BLE-only or WiFi+BLE.

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU, country, EU contact.
2
Product classification
Determines applicable requirements: Art. 3(3)(d), (e) and/or (f).
3
Cybersecurity assessment
EN 18031 categories: access control, authentication, secure comms, updates, vulnerability management.
4
Risk assessment
Structured risk table per applicable requirement.
5
EU Declaration of Conformity
Art. 18 + Annex VI. Basis for CE marking.
6
Download ZIP
5 PDFs. Add to technical file. Retain 10 years (Art. 10(4)).

Three mistakes American wearable companies make about EU cybersecurity

COMMON ERROR

"Our wearable is BLE-only — it doesn't connect to the internet, so cybersecurity doesn't apply"

WRONG for wearables. Art. 1(2)(d) applies Art. 3(3)(e) to radio equipment designed to be worn on the body — IF it processes personal data. No internet connection required. Heart rate, step count, sleep data, GPS location — all personal data under GDPR Art. 4(1).

COMMON ERROR

"Health data is covered by HIPAA — we don't need EU documentation"

HIPAA is US legislation. It has no legal force in the EU. Art. 3(3)(e) requires the wearable device itself to incorporate safeguards for personal data. EN 18031-2 is the relevant European standard.

COMMON ERROR

"The smartphone app handles data protection, not the wearable"

Art. 3(3)(e) applies to the RADIO EQUIPMENT — the physical wearable. Recital 8: 'all aspects and parts of the equipment should comply.' If the wearable collects or transmits personal data via BLE or WiFi, it must incorporate safeguards.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 EU CONSULTANCY
$18,000
Per model. 4-5 months. Delays EU launch to Q4.
✓ REDCHECK
€99
5 documents. 30 minutes. Launch on schedule.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Wearables that process health data are under heightened scrutiny from EU data protection and market surveillance authorities.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU.

🔒
GDPR overlap
Up to €20M or 4% of global turnover

A failure at the device level can also trigger GDPR enforcement. The penalties compound.

📉
Investor and board impact
Strategic

A compliance delay that pushes your EU launch from Q3 to Q4 costs more than €99.

Alternatives

AlternativeCostWhat you get
EU consultancy$15,000–20,000/model4-5 months. Delays launch.
Hire EU regulatory specialist$100,000+/yearIf you can afford it at Series A.
Rely on HIPAA compliance$0HIPAA has no legal force in the EU. Zero coverage.
REDCheck€995 documents, 30 min. Covers Art. 3(3)(d) + (e).

Multiple wearable models?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

My fitness tracker uses BLE only and syncs to a phone app. Does Art. 3(3)(d) apply?
Art. 1(1) applies Art. 3(3)(d) to radio equipment that communicates over the internet directly or via any other equipment. The smartphone is the intermediary. Art. 3(3)(d) applies. Plus, as a wearable processing personal data, Art. 3(3)(e) applies independently under Art. 1(2)(d).
Heart rate and step count are anonymized in our system. Does Art. 3(3)(e) still apply?
Art. 3(3)(e) applies at the DEVICE level. Heart rate data associated with a device ID is personal data under GDPR Art. 4(1). Anonymization at the server does not retroactively eliminate the device's capability to process personal data.
We plan to seek FDA clearance. Does that help with EU cybersecurity?
If your wearable qualifies as a medical device under Regulation (EU) 2017/745, it is EXEMPT from Arts. 3(3)(d)(e)(f). If it is a consumer fitness tracker, the exemption does not apply.
What happens when the CRA replaces RED?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027. REDCheck covers 1 August 2025 to 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Wearables trigger Art. 3(3)(e) even without internet. Generate the documentation before your EU launch.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

⌚ Fitness tracker

Fitness tracker manufacturer: EU RED cybersecurity documentation

🇺🇸 US manufacturer

US manufacturer: RED Directive cybersecurity documentation

⚖ FCC vs CE

FCC vs CE: cybersecurity differences for radio equipment

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history