Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Art. 3(3)(e) of Directive 2014/53/EU requires your childcare radio equipment to protect personal data and privacy. This is a separate obligation from the Toy Safety Directive and from general CE marking.

You manufacture baby monitors, child tracking devices, nursery sensors or any radio equipment designed exclusively for childcare. Art. 1(2)(b) of Delegated Regulation (EU) 2022/30 creates a specific category for this equipment: Art. 3(3)(e) applies if it processes personal data — even without internet connectivity. This is not covered by your existing Toy Safety certification or your EMC/safety CE marking. It is a new, separate requirement in force from 1 August 2025. REDCheck generates the 5 PDF documents that structure your Art. 3(3)(e) compliance. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Childcare radio equipment and EU cybersecurity: the numbers

Art. 1(2)(b) of the Delegated Regulation creates a protected category for childcare equipment with a lower threshold than general consumer electronics.

Art. 1(2)(b)
Childcare radio equipment = special category: Art. 3(3)(e) applies without internet connectivity
5 documents
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label
No internet required
Unlike general consumer electronics, childcare radio equipment triggers Art. 3(3)(e) even without internet — if it processes personal data

What REDCheck does with your childcare product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU (manufacturer, Art. 10), country of manufacture, EU contact.
2
Product classification
Determines which essential requirements apply. Art. 1(2)(b): radio equipment designed or intended exclusively for childcare. Art. 3(3)(e) applies if the device processes personal data. If it ALSO connects to the internet, Art. 3(3)(d) applies additionally under Art. 1(1).
3
Cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 (network) and EN 18031-2 (personal data) categories: access control, authentication, secure communications, software updates, vulnerability management.
4
Risk assessment
Assessment of implementation status for each applicable requirement of Arts. 3(3)(d) and (e). Maps your answers to a structured risk table.
5
EU Declaration of Conformity
Formal declaration under Art. 18 and Annex VI. Signed by the manufacturer. Basis for CE marking under Arts. 19–20.
6
Download ZIP
5 PDF documents generated in your browser. Add to your technical file alongside test reports and user manual. Retain for 10 years (Art. 10(4)).

Three mistakes childcare equipment manufacturers make about RED cybersecurity

COMMON ERROR

"Designed exclusively for childcare" only means baby monitors

The Delegated Regulation does not define 'childcare' narrowly. Recital 12 refers to 'child monitors' but the legal text in Art. 1(2)(b) covers all radio equipment 'designed or intended exclusively for childcare.' This includes nursery sensors, child presence detectors, audio monitors and any radio device marketed specifically for the care of children.

COMMON ERROR

"No internet = no cybersecurity requirement"

For GENERAL consumer electronics, Art. 3(3)(d) requires internet connectivity. But Art. 1(2)(b) creates a SPECIAL CATEGORY for childcare equipment. Art. 3(3)(e) applies to childcare radio equipment that processes personal data — regardless of internet connectivity. A DECT nursery sensor that detects movement processes personal data.

COMMON ERROR

"Our existing CE marking covers all safety requirements"

CE marking for EMC (Art. 3(1)(b)) and electrical safety (Art. 3(1)(a)) does not cover cybersecurity. Art. 3(3)(e) is a SEPARATE essential requirement activated by Delegated Regulation (EU) 2022/30. The EU declaration of conformity must now specifically reference Art. 3(3)(e).

What's in the ZIP

5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 NOTIFIED BODY / LAB
€5,000–12,000
Per product model. 3–6 months.
✓ REDCHECK
€99
5 documents. 30 minutes per model.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Childcare products receive priority enforcement treatment.

🧸
Child safety product recall
Immediate + Safety Gate

Non-compliant childcare products receive priority treatment from market surveillance authorities. Recalls are published in the Safety Gate (RAPEX) system.

🇪🇺
Safety Gate (RAPEX) notification
Reputational damage

Non-compliant childcare products are published in the EU Safety Gate system. The product, manufacturer and country of origin are publicly identified.

🛒
Marketplace listing removal
Revenue loss

Amazon, eBay and European marketplaces require conformity documentation. Children's products receive heightened scrutiny.

Alternatives

AlternativeCostWhat you get
Notified Body / accredited lab€5,000–10,000 per model3–6 months. Full third-party assessment.
Cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Assemble documentation yourself€0 (your time)EN 18031 has 600+ pages. No template.
REDCheck€995 documents, 30 min, per model

Manufacturing more than one childcare radio product?

If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — childcare radio equipment cybersecurity

What counts as 'designed or intended exclusively for childcare'?
Art. 1(2)(b) covers radio equipment that is designed or marketed specifically for the care of children. This includes baby monitors, nursery sensors, child presence detectors and similar devices. A general-purpose security camera that a parent happens to use to watch a child is NOT 'designed exclusively for childcare.' The product's intended purpose — as stated in marketing materials, packaging and user manual — determines classification.
My nursery sensor detects movement but does not record audio or video. Does it process personal data?
Movement data linked to a specific child in a specific location can constitute personal data under Art. 4(1) of GDPR — it relates to an identifiable natural person. If the sensor can determine that a specific child is moving (or not moving) in a specific crib, it processes personal data. Context matters: a generic motion sensor not linked to an individual may not.
We also make products for elderly care. Does Art. 1(2)(b) apply?
Art. 1(2)(b) is limited to 'childcare.' Elderly care equipment is not covered by this specific article. However, if the equipment connects to the internet, Art. 3(3)(d) applies under Art. 1(1). If it processes personal data as internet-connected equipment, Art. 3(3)(e) applies under Art. 1(2)(a).
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when the Cyber Resilience Act — Regulation (EU) 2024/2847 — enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation from that date, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your childcare radio equipment needs cybersecurity documentation. Generate it in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer. The ZIP you download is yours permanently.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

👶 Baby monitors

Baby monitor cybersecurity without internet: Art. 1(2)(b)
🧸 Toys

Toy with Bluetooth: cybersecurity documentation EU 2025
🔌 Connected toy

Connected toy: RED Directive documentation EU requirement
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history