Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You sell WiFi products from the US into Europe. These are the exact EU cybersecurity requirements that apply to your products from 1 August 2025 — article by article.

Delegated Regulation (EU) 2022/30 activated the cybersecurity requirements of Art. 3(3)(d) and (e) for all internet-connected radio equipment. Any WiFi product you sell in the EU must now comply. The requirements are mapped to EN 18031-1 (network) and EN 18031-2 (personal data). They cover access control, authentication, secure communications, software updates, cryptography, and vulnerability management. REDCheck structures the documentation for each of these requirements. 30 minutes. €99 per product. 5 PDF documents.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

EU cybersecurity requirements for WiFi products: the framework

The requirements are structured in two layers: the legal obligation (Directive 2014/53/EU + Delegated Regulation 2022/30) and the technical standard (EN 18031 series). Both must be addressed in the documentation.

Art. 3(3)(d)
Network protection — radio equipment must not harm the network or cause unacceptable degradation of service
Art. 3(3)(e)
Personal data protection — radio equipment must incorporate safeguards to protect personal data and privacy
EN 18031
Harmonised standards: EN 18031-1 (network), EN 18031-2 (personal data), EN 18031-3 (fraud) — published January 2025

The cybersecurity requirements, mapped

Each requirement maps to specific categories in the EN 18031 standards. REDCheck structures your documentation against each one.

1
Access control
Who and what can access your device? Default credentials, user account management, privilege levels. EN 18031-1 §5.3 / EN 18031-2 §5.3.
2
Authentication
How does your device verify identity? Password strength, multi-factor, certificate-based authentication. EN 18031-1 §5.4 / EN 18031-2 §5.4.
3
Secure communications
How does your device protect data in transit? TLS, encryption protocols, certificate validation. EN 18031-1 §5.5 / EN 18031-2 §5.5.
4
Software updates
Can your device receive secure firmware updates? Integrity verification, rollback prevention, update notifications. EN 18031-1 §5.7 / EN 18031-2 §5.7.
5
Cryptography
What cryptographic mechanisms does your device use? Algorithm strength, key management, random number generation. EN 18031-1 §5.6 / EN 18031-2 §5.6.
6
Vulnerability management
How do you handle discovered vulnerabilities? Disclosure policy, patching process, end-of-support date. EN 18031-1 §5.8 / EN 18031-2 §5.8.

Three mistakes US companies make about EU cybersecurity requirements

COMMON MISTAKE

"Our product uses TLS — we already comply"

TLS addresses one category (secure communications). The requirements cover SIX categories: access control, authentication, secure communications, software updates, cryptography, and vulnerability management. TLS is necessary but not sufficient.

COMMON MISTAKE

"The requirements are vague — we can self-certify with a general statement"

The requirements must be documented requirement by requirement, mapped to EN 18031 categories, with a risk assessment for each. A general statement does not satisfy Art. 21 and Annex V.

COMMON MISTAKE

"FCC cybersecurity guidelines cover the same ground"

The FCC does not impose cybersecurity requirements on consumer radio equipment. FCC Part 15 addresses RF emissions. The EU requirements under Arts. 3(3)(d) and (e) have no US equivalent.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 EUROPEAN LAB / CONSULTANCY
$5,500–$20,000
Per model. 3–6 months.
✓ REDCHECK
€99 (~$108)
5 documents. 30 minutes.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Market withdrawal
Immediate

Arts. 40(1), 40(4) and 43.

🛒
Amazon listing removal
Revenue loss

Amazon requires conformity documentation.

🇩🇪
Germany
€3,000–€30,000

Produktsicherheitsgesetz.

Alternatives

AlternativeCostWhat you get
European lab / consultancy$5,500–$20,000/model3–6 months.
Internal team$0 (staff time)EN 18031: 600+ pages, 3 parts.
Assemble yourself$0 (your time)No guidance.
REDCheck€99 (~$108)5 documents, 30 min, per model

Multiple WiFi products?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Are the EN 18031 standards mandatory?
EN 18031 are harmonised standards. Compliance creates a presumption of conformity (Art. 16). They are not legally mandatory, but using them allows Module A self-declaration (Art. 17(3)(a)). If you do NOT apply them, Art. 17(4) requires Notified Body involvement.
My product only has WiFi — no BLE, no Zigbee. Which parts of EN 18031 apply?
EN 18031-1 (network protection) applies. If your product also processes personal data, EN 18031-2 applies. The radio technology does not change which standard applies.
Do the requirements apply to products already on the market before August 2025?
Products placed on the EU market BEFORE 1 August 2025 under existing CE marking are not retroactively affected. Products placed FROM 1 August 2025 onwards must comply.
What happens when the CRA replaces RED?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Six requirement categories. Five PDF documents. Thirty minutes. Structure your cybersecurity documentation now.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product (~$108)
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

💰 Cost

How much does RED cybersecurity documentation cost?

📋 Documents

What documents needed to sell radio equipment in the EU?

🏠 Smart home

US smart home company: EU compliance cost August 2025

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history