Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Annex V of Directive 2014/53/EU lists 9 elements that your technical documentation must contain. From 1 August 2025, cybersecurity is part of that documentation for all radio equipment in scope of Delegated Regulation (EU) 2022/30.

Art. 21(1): 'The technical documentation shall contain all relevant data or details of the means used by the manufacturer to ensure that radio equipment complies with the essential requirements set out in Article 3. It shall, at least, contain the elements set out in Annex V.' Annex V lists 9 elements, from product description to test reports. When cybersecurity requirements under Art. 3(3)(d), (e) and (f) apply, these 9 elements must address cybersecurity specifically — including the EN 18031 mapping, the risk assessment and the declaration of conformity referencing the applicable articles. REDCheck generates documentation that covers all 9 Annex V elements for cybersecurity. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Annex V: the numbers

9 minimum required elements. All must be present.

9 elements
Annex V lists 9 minimum required elements: (a) through (i). All must be present for the documentation to be considered complete under Art. 21.
Art. 21(4)
If documentation does not comply, the market surveillance authority can order testing at the manufacturer's expense.
10 years
Art. 10(4): manufacturers must retain technical documentation for 10 years after placing the product on the market.

The 9 elements of Annex V — and how REDCheck covers them

Each element maps to a specific section of the documentation package.

1
(a) General description
Photographs/illustrations, software/firmware versions, user information. REDCheck: populated from your product data entry.
2
(b) + (c) Design drawings and descriptions
Conceptual design, manufacturing drawings, component schemes. For cybersecurity: architecture diagrams, data flows, security boundaries. REDCheck: guided input for security architecture.
3
(d) Harmonised standards and solutions
List of EN 18031-1, -2 and/or -3 applied. Where not fully applied: description of alternative solutions. REDCheck: auto-populated from your EN 18031 assessment.
4
(e) + (f) Declaration of conformity and certificates
Copy of EU declaration of conformity (Annex VI). If Module B+C: copy of certificate. REDCheck: generates the DoC as PDF 4.
5
(g) + (h) Examination results and test reports
Risk assessments (V(g)). Test reports from labs (V(h)). REDCheck: generates the cybersecurity risk assessment (PDF 3). Test reports must come from your testing lab.
6
(i) Compliance explanation
Explanation of compliance with Art. 10(2). REDCheck: compliance statement included in PDF 1.

Three mistakes about Annex V documentation

COMMON ERROR

"Annex V only lists generic elements — cybersecurity doesn't need to be there"

Annex V applies to ALL essential requirements under Art. 3 — including Art. 3(3)(d), (e) and (f). The phrase 'all relevant data or details of the means used to ensure compliance' (Art. 21(1)) means that if cybersecurity requirements apply, the documentation must demonstrate how the manufacturer ensured compliance with them.

COMMON ERROR

"Test reports from our EMC lab cover Annex V(h)"

EMC test reports cover compliance with Art. 3(1)(b). They do NOT cover cybersecurity under Art. 3(3)(d)/(e)/(f). Annex V(h) requires test reports for ALL applicable requirements. If cybersecurity applies, you need cybersecurity-specific evidence.

COMMON ERROR

"We have the documentation in our internal systems — that's enough"

Art. 10(4): documentation must be 'kept at the disposal of national authorities.' Art. 10(12): must be provided 'in paper or electronic form' upon request. A structured PDF package is the practical standard for presenting technical documentation to market surveillance authorities.

What's in the ZIP

5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CONSULTANCY
€5,000–15,000
Per product model. Covers all 9 Annex V elements.
✓ REDCHECK
€99
5 documents covering all 9 Annex V elements for cybersecurity. 30 minutes.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. Maps your EN 18031 assessment to the Annex V structure. This is what Art. 21 requires BEFORE your product can bear CE marking — regardless of conformity route.

∅ LAYER 2

Conformity assessment route

If you fully apply EN 18031, Art. 16 grants presumption of conformity → Module A self-declaration (Annex II) without Notified Body. If partially applied or not applied: Art. 17(4) requires Module B+C (Annex III) or Module H (Annex IV) with Notified Body. REDCheck generates the Layer 1 documentation that is a prerequisite for EITHER route.

We do not assess your product. We do not interpret EN 18031. We structure the documentation that Art. 21 requires based on YOUR assessment of YOUR product.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Art. 40 of Directive 2014/53/EU. Market surveillance can require withdrawal across all 27 Member States.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year of imprisonment under §20.

🛒
Marketplace listing removal
Revenue loss

Amazon and EU marketplaces require conformity documentation. Missing cybersecurity documentation triggers listing suspension.

Alternatives

AlternativeCostWhat you get
Notified Body / accredited lab€5,000–10,000 per model3–6 months. Full third-party assessment.
Cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Assemble documentation yourself€0 (your time)EN 18031 has 600+ pages. No template.
REDCheck€995 documents, 30 min, per model

Documenting more than one product?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — Annex V documentation requirements

Does Annex V require a specific format?
No. Annex V lists required content elements, not a specific format. However, the documentation must be presentable to market surveillance authorities in paper or electronic form (Art. 10(12)). A structured PDF package with clear section references is the practical standard. REDCheck follows this format.
What is the difference between Annex V(g) and Annex V(h)?
Annex V(g): results of design calculations, examinations and similar elements — this is your internal assessment, including the cybersecurity risk assessment. Annex V(h): test reports — these come from a testing laboratory. REDCheck generates V(g). V(h) must come from your testing lab.
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when the Cyber Resilience Act — Regulation (EU) 2024/2847 — enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation from that date, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Annex V requires 9 elements. REDCheck structures all of them for cybersecurity. 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

✅ Annex VI

EU declaration of conformity: cybersecurity under Annex VI
🛡 Risk assessment

Cybersecurity risk assessment under EN 18031
📋 EN 18031

EN 18031 compliance tool: documentation generator
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history