Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your existing EU declaration of conformity does not cover cybersecurity. From 1 August 2025, Annex VI requires explicit reference to Arts. 3(3)(d), (e) and (f) — and to the EN 18031 standards applied.

Art. 18 of Directive 2014/53/EU requires the manufacturer to draw up an EU declaration of conformity stating that all applicable essential requirements have been demonstrated. If your current declaration references only Art. 3(1)(a) (safety) and Art. 3(1)(b) (EMC), it is incomplete from 1 August 2025. The declaration must now also cite Art. 3(3)(d) (network protection), Art. 3(3)(e) (personal data) and/or Art. 3(3)(f) (fraud) — whichever apply to your product. It must reference the EN 18031 harmonised standards used. REDCheck generates this declaration as PDF 4 in the 5-document package — pre-formatted to Annex VI, with all applicable references populated from your product data. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

EU declaration of conformity for cybersecurity: the numbers

Annex VI defines what the declaration must contain. Art. 18 defines who must sign it.

Annex VI
9 elements required in the EU declaration of conformity. REDCheck populates all of them from your product data.
Art. 18(4)
By drawing up the declaration, the manufacturer assumes responsibility for compliance. The declaration is a legal commitment.
Art. 10(9)
Each item of radio equipment must be accompanied by the declaration or a simplified version (Annex VII) with a URL to the full text.

What Annex VI requires in your declaration

The 9 elements of the EU declaration of conformity.

1
Element 1: Product identification
Product name, type, batch or serial number. Must allow traceability (Art. 10(6)).
2
Element 2: Manufacturer identification
Legal name and address. Under Art. 14, this is the brand owner — not necessarily the factory.
3
Element 5: Conformity statement
'The object of the declaration is in conformity with: Directive 2014/53/EU' — and must explicitly list Art. 3(3)(d), (e) and/or (f) as applicable.
4
Element 6: Standards applied
References to EN 18031-1, -2 and/or -3 with version numbers. If fully applied: basis for Module A.
5
Element 7: Notified Body (if applicable)
If Module B+C or H was used: name, number and certificate reference of the Notified Body.
6
Signature
Signed by or on behalf of the manufacturer. Date and place of issue. The signature is a legal act under Art. 18(4).

Three mistakes about the EU declaration of conformity

COMMON ERROR

"Our existing DoC says 'Directive 2014/53/EU' — that covers everything"

Citing the Directive is necessary but not sufficient. The declaration must state which essential requirements have been demonstrated (Annex VI, element 5). If your DoC does not specifically list Art. 3(3)(d), (e) or (f), it does not declare conformity with cybersecurity.

COMMON ERROR

"We can add the cybersecurity references to our existing DoC manually"

You can — but the declaration must be consistent with your technical documentation. If you add Art. 3(3)(d) to your DoC but your technical file does not contain cybersecurity documentation under Annex V, the declaration is unsupported. The DoC declares what the technical file proves. Both must exist.

COMMON ERROR

"The simplified declaration (Annex VII) is enough"

Art. 10(9) allows the simplified declaration to ACCOMPANY the product instead of the full DoC. But the FULL declaration must exist and be accessible at the URL specified in the simplified version. The simplified declaration is a shortcut for packaging — not a replacement for the full document.

What's in the ZIP

5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CONSULTANCY
€5,000–15,000
Includes declaration as part of a larger documentation package.
✓ REDCHECK
€99
5 documents including the DoC pre-formatted to Annex VI. 30 minutes.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Art. 40 of Directive 2014/53/EU. Market surveillance can require withdrawal across all 27 Member States.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year of imprisonment under §20.

🛒
Marketplace listing removal
Revenue loss

Amazon and EU marketplaces require conformity documentation. Missing cybersecurity documentation triggers listing suspension.

Alternatives

AlternativeCostWhat you get
Notified Body / accredited lab€5,000–10,000 per model3–6 months. Full third-party assessment.
Cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Assemble documentation yourself€0 (your time)EN 18031 has 600+ pages. No template.
REDCheck€995 documents, 30 min, per model

Documenting more than one product?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — EU declaration of conformity

Can I have a single DoC covering safety, EMC AND cybersecurity?
Yes. Art. 18(3): 'Where radio equipment is subject to more than one Union act requiring an EU declaration of conformity, a single EU declaration of conformity shall be drawn up.' One declaration covering Art. 3(1)(a), 3(1)(b), 3(2), 3(3)(d), (e) and (f). REDCheck generates the cybersecurity portion; you merge it with your existing EMC/safety declaration.
Do I need a new DoC for each production batch?
The DoC is per radio equipment TYPE, not per batch. Art. 18(2): 'shall be continuously updated.' If your product design, firmware or applied standards change, update the declaration. If the same type continues unchanged, the existing DoC covers new batches.
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when the Cyber Resilience Act — Regulation (EU) 2024/2847 — enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation from that date, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your EU declaration of conformity needs cybersecurity references. Generate it in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Declaration pre-formatted to Annex VI. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📄 Annex V

Annex V: cybersecurity documentation requirements
🛡 Risk assessment

Cybersecurity risk assessment under EN 18031
⚖ Module A

Module A vs Notified Body: which conformity route?
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history