You manufacture or sell WiFi-connected toys — educational tablets, interactive robots, smart dolls, connected building kits. Your toy connects to the internet for app interaction, firmware updates or cloud features. Art. 1(1) of Delegated Regulation (EU) 2022/30 activates Art. 3(3)(d) (network protection) for all internet-connected radio equipment. Art. 1(2)(c) ADDITIONALLY activates Art. 3(3)(e) (personal data) for toys under Directive 2009/48/EC. Your connected toy faces a DOUBLE requirement that general consumer electronics does not. Both must be documented. REDCheck covers both in a single documentation package. 30 minutes. €99 per product. 100% in your browser.
€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser
Connected toys sit at the intersection of three directives: Toy Safety, Radio Equipment, and GDPR. The cybersecurity documentation must address both network protection and personal data protection.
You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.
Directive 2009/48/EC covers physical, chemical, mechanical and electrical safety of toys. It does NOT cover cybersecurity of radio functions. Directive 2014/53/EU covers radio equipment — including connected toys. From 1 August 2025, Delegated Regulation (EU) 2022/30 adds cybersecurity requirements on top. Your toy needs BOTH: toy safety AND radio cybersecurity documentation.
If the app communicates with a cloud server, the toy communicates over the internet indirectly — via the app. Art. 1(1) of the Delegated Regulation applies to radio equipment that can communicate over the internet 'directly or via any other equipment.' A toy → app → cloud path triggers Art. 3(3)(d).
Art. 3(3)(e) applies to the RADIO EQUIPMENT, not to the app. If the toy collects data that is then transmitted to the app, the toy is processing personal data. The toy is the point of collection. The app is the processing infrastructure. Both must comply — the toy under RED, the app under GDPR.
5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.
Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.
Art. 21 + Annex V. Requirement-by-requirement documentation.
Arts. 3(3)(d) and (e). Structured risk table.
Art. 18 + Annex VI.
Art. 10(9) + Annex VII.
Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.
Generated from your data, in your browser. No product data leaves your computer.
5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.
If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.
We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.
Art. 46 of Directive 2014/53/EU requires Member States to establish penalties. Connected children's products face heightened scrutiny.
Market surveillance authorities treat non-compliant children's products with heightened urgency. A connected toy with cybersecurity vulnerabilities may be recalled under Arts. 40 and 43 — and the recall will be published in the Safety Gate (RAPEX) system.
Non-compliant toys are published in the EU Safety Gate system. The product, the manufacturer and the country of origin are publicly identified. For children's products, media amplification is immediate.
Amazon, eBay and European marketplaces require conformity documentation. Children's products receive heightened scrutiny. Listings can be removed without prior notice.
| Alternative | Cost | What you get |
|---|---|---|
| Notified Body / toy testing lab | €5,000–12,000 per model | 3–6 months. Full third-party assessment. |
| Cybersecurity consultancy | €5,000–15,000 per model | Custom report. Weeks of wait. |
| Assemble documentation yourself | €0 (your time) | EN 18031 has 600+ pages. No guidance. |
| REDCheck | €99 | 5 documents covering d+e, 30 min |
If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key.
Request volume pricingREDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.
We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Covers Art. 3(3)(d) and Art. 3(3)(e). Your product data never leaves your computer.