Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your baby monitor uses Bluetooth, not WiFi. You thought it was outside the scope. Art. 1(2)(b) of Delegated Regulation (EU) 2022/30 applies Art. 3(3)(e) to all radio equipment designed exclusively for childcare — regardless of internet connectivity.

You manufacture baby monitors, children's GPS watches and educational toys with Bluetooth. Your Danish importer forwards an article: childcare radio equipment triggers Art. 3(3)(e) even without internet. Some of your products only use BLE — no WiFi, no internet. You thought they were exempt. They are not. Art. 1(2)(b) of Delegated Regulation (EU) 2022/30 covers radio equipment designed exclusively for childcare. REDCheck generates 5 PDF documents covering the personal data protection requirements. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Cybersecurity documentation for childcare products: the data

Delegated Regulation (EU) 2022/30 created a special category for childcare radio equipment, toys and wearables that triggers Art. 3(3)(e) even without internet connectivity.

Art. 1(2)(b)
Radio equipment designed exclusively for childcare: Art. 3(3)(e) applies regardless of internet connectivity
BLE included
A Bluetooth-only baby monitor with no internet connection is in scope if it processes personal data (audio/video of a child)
5 documents
Classification confirming Art. 1(2)(b) scope, cybersecurity technical documentation, risk assessment, EU DoC, simplified declaration

What REDCheck does with your childcare product data

You enter your product specifications. REDCheck structures the documentation requirement by requirement, covering personal data protection under Art. 3(3)(e).

1
Company details
Legal name, role under Directive 2014/53/EU (manufacturer, Art. 10), country of manufacture, EU contact.
2
Product classification
Confirms Art. 1(2)(b) childcare category. Determines if Art. 3(3)(d) also applies (only if internet-connected).
3
Cybersecurity assessment — personal data (EN 18031-2)
Data minimization, encryption, secure transmission, consent mechanisms, data deletion, age-appropriate privacy measures.
4
Risk assessment
Structured risk table for Art. 3(3)(e) requirements. Heightened standards for children's data.
5
EU Declaration of Conformity
Formal declaration under Art. 18 and Annex VI. Signed by the manufacturer.
6
Download ZIP
5 PDF documents. Add to technical file. Retain 10 years (Art. 10(4)).

Mistakes childcare product manufacturers make

COMMON ERROR

"No internet connection = no cybersecurity requirements"

Art. 3(3)(d) requires internet connectivity, correct. But Art. 3(3)(e) has a broader scope for three specific categories: childcare equipment, toys with radio function, and wearables. Art. 1(2)(b), (c) and (d) of Delegated Regulation (EU) 2022/30 apply Art. 3(3)(e) to these categories if they process personal data — regardless of internet connectivity.

COMMON ERROR

"We comply with the Toy Safety Directive, that covers everything"

Directive 2009/48/EC (Toy Safety) covers physical safety, chemical substances and certain mechanical hazards. It does not cover cybersecurity. Art. 1(2)(c) of Delegated Regulation (EU) 2022/30 explicitly includes radio equipment covered by Directive 2009/48/EC as a separate category triggering Art. 3(3)(e). These are cumulative obligations, not alternatives.

COMMON ERROR

"Baby monitors don't process personal data"

A baby monitor that captures audio or video of a child in a recognizable setting processes personal data under Art. 4(1) of GDPR. Location data from a children's GPS watch is personal data. Sleep pattern data from a connected crib sensor is personal data. If your device captures any data attributable to an identifiable child, Art. 3(3)(e) applies.

What's in the ZIP

5 PDF documents generated from your childcare product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement.

3

Risk Assessment

Art. 3(3)(e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CYBERSECURITY LAB — CHILDCARE PRODUCTS
€6,000–€12,000
Per model. Extra scrutiny for children's products.
✓ REDCHECK
€99
5 documents. 30 minutes. Covers Art. 3(3)(e) for childcare.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare. Otherwise Art. 17(4) requires third-party involvement. Children's products face heightened scrutiny.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Children's products: priority enforcement
Heightened scrutiny

Market surveillance authorities across the EU treat children's products as a priority category. A cybersecurity incident in a baby monitor generates media coverage, regulatory escalation and potential product recalls across all 27 Member States.

🇩🇰
Denmark — Sikkerhedsstyrelsen
Variable

The Danish Safety Technology Authority actively monitors connected childcare products. Denmark is a key market for children's electronics in Northern Europe.

🛒
Marketplace removal
Revenue loss

Amazon and European marketplaces apply heightened compliance requirements to children's products. Missing documentation results in immediate listing suspension.

Alternatives

AlternativeCostWhat you get
Cybersecurity lab (children's category)€6,000–12,000/modelExtra scrutiny. 4–6 months.
Rely on Toy Safety Directive compliance only€0Does not cover cybersecurity.
Wait and see if enforcement starts€0One incident = media + recall + brand death.
REDCheck€995 documents, 30 min

Manufacturing baby monitors, GPS watches and connected toys?

If you document 10+ childcare product models, the Professional Pack covers 70 generations for €999.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — childcare products and RED cybersecurity

My baby monitor only uses BLE, no WiFi. Does Art. 3(3)(d) apply?
Art. 3(3)(d) applies only to internet-connected radio equipment (Art. 1(1) of Delegated Reg.). If your baby monitor uses BLE without any connection to the internet (direct or indirect), Art. 3(3)(d) does NOT apply. However, Art. 3(3)(e) DOES apply under Art. 1(2)(b) if the baby monitor processes personal data. The classification document generated by REDCheck will identify exactly which requirements apply to your product.
What about children's GPS watches? Which articles apply?
A children's GPS watch is (a) internet-connected (the GPS data is transmitted via cellular/WiFi), triggering Art. 3(3)(d) under Art. 1(1); (b) designed for childcare, triggering Art. 3(3)(e) under Art. 1(2)(b); and (c) a wearable, triggering Art. 3(3)(e) under Art. 1(2)(d). Both Art. 3(3)(d) and (e) apply. Location data of a child is sensitive personal data.
Does the GDPR 'children's data' special category interact with Art. 3(3)(e)?
Art. 3(3)(e) requires safeguards for personal data and privacy. The GDPR (Art. 8) provides additional protections for children's data, including parental consent requirements. REDCheck's risk assessment covers the data protection requirements of EN 18031-2, which include mechanisms for consent, data minimization and age-appropriate privacy measures.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your products are for children. The documentation must be right. Generate it in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📷 IP cameras

IP camera manufacturer: RED cybersecurity compliance
⌚ Wearables

Korean wearable manufacturer: RED cybersecurity documentation
🛒 Amazon

Amazon EU listing suspended — cybersecurity documentation
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history