Annex V of Directive 2014/53/EU requires the technical documentation to contain 'results of design calculations made, examinations carried out, and other relevant similar elements' (Annex V(g)). For cybersecurity, this means a structured risk assessment: which requirements apply, what your product implements, what gaps exist and what risk each gap represents. REDCheck walks you through the EN 18031 categories — access control, authentication, cryptography, secure communications, software integrity, updates, vulnerability management, event logging, personal data protection — and generates a risk table that maps each requirement to your implementation status. 30 minutes. €99 per product.
€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser
The risk assessment is the analytical core of your cybersecurity documentation.
The generator walks through each applicable EN 18031 category systematically.
A penetration test evaluates TECHNICAL vulnerabilities in a running system. The cybersecurity risk assessment required by Art. 21 evaluates REGULATORY compliance: does the product meet each requirement of Arts. 3(3)(d), (e), (f) as detailed in EN 18031? A pentest report is evidence (Annex V(h)). The risk assessment is the structured analysis (Annex V(g)). Both are needed; they serve different purposes.
ISO 27001 covers information security management SYSTEMS — organisational processes, policies, people. The EN 18031 risk assessment covers PRODUCT-level cybersecurity: does THIS radio equipment implement access control, authentication, secure updates, etc.? The scope is entirely different. ISO 27001 is about your company. EN 18031 is about your product.
The Directive does not distinguish risk levels for documentation purposes. Art. 21 requires technical documentation for ALL radio equipment covered by Art. 3. A €3 smart plug and a €300 industrial gateway have the same documentation obligation.
5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.
Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.
Art. 21 + Annex V. Requirement-by-requirement documentation.
Arts. 3(3)(d) and (e). Structured risk table.
Art. 18 + Annex VI.
Art. 10(9) + Annex VII.
Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.
Generated from your data, in your browser. No product data leaves your computer.
5 PDF documents. 30 min. €99 per product. Maps your EN 18031 assessment to the Annex V structure. This is what Art. 21 requires BEFORE your product can bear CE marking — regardless of conformity route.
If you fully apply EN 18031, Art. 16 grants presumption of conformity → Module A self-declaration (Annex II) without Notified Body. If partially applied or not applied: Art. 17(4) requires Module B+C (Annex III) or Module H (Annex IV) with Notified Body. REDCheck generates the Layer 1 documentation that is a prerequisite for EITHER route.
We do not assess your product. We do not interpret EN 18031. We structure the documentation that Art. 21 requires based on YOUR assessment of YOUR product.
Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.
Art. 40 of Directive 2014/53/EU. Market surveillance can require withdrawal across all 27 Member States.
Administrative fines under §19. Up to 1 year of imprisonment under §20.
Amazon and EU marketplaces require conformity documentation. Missing cybersecurity documentation triggers listing suspension.
| Alternative | Cost | What you get |
|---|---|---|
| Notified Body / accredited lab | €5,000–10,000 per model | 3–6 months. Full third-party assessment. |
| Cybersecurity consultancy | €5,000–15,000 per model | Custom report. Weeks of wait. |
| Assemble documentation yourself | €0 (your time) | EN 18031 has 600+ pages. No template. |
| REDCheck | €99 | 5 documents, 30 min, per model |
Professional Pack: €999 for 70 generations.
Request volume pricingREDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.
We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Five PDF documents. Art. 21 and Annex V. EN 18031 categories mapped requirement by requirement. Your product data never leaves your browser.