Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your Chinese supplier has CE marking for EMC and safety. They do not have cybersecurity documentation. You have asked them three times. The lab in Shenzhen quotes ¥35,000–85,000 per model and they have 14 models. They are not going to pay. You need a solution that costs less than a dinner in Guangzhou.

You are an EU importer. Your supplier in Shenzhen, Dongguan or Hangzhou manufactures smart plugs, routers, cameras or speakers. From 1 August 2025, Art. 12(2) requires you to verify cybersecurity documentation before placing the product on the EU market. Your supplier does not have it. A lab in China quotes ¥35,000–85,000 per model (€4,500–10,800). Your supplier has 14 models — that is ¥490,000–1,190,000 (€63,000–151,000). They will not pay. REDCheck costs €99 per model — ¥720. Send your supplier the link. 30 minutes. In their browser. Their data stays on their computer.

Generate RED documentation — €99Free: does this product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

The Chinese supplier problem: the numbers

Chinese manufacturers face a cost problem. Labs in Shenzhen charge ¥35,000–85,000 per model. Many manufacturers have 10–20 models. The total cost exceeds months of profit. They will delay, negotiate or switch importers.

¥35,000–85,000
Lab cost in Shenzhen per product model. 14 models = ¥490,000–1,190,000.
€99 (~¥720)
REDCheck per product model. 14 models = €1,386 (~¥10,000). The cost of a team dinner.
30 minutes
Per product model. In the supplier's browser. In English. No lab appointment needed.

How REDCheck helps you as importer

The documentation obligation is the manufacturer's (Art. 10). But if your supplier cannot produce it, your products are blocked. REDCheck is a tool you can send to your supplier.

1
Send the link to your supplier
Your manufacturer enters their company and product data into REDCheck. The tool runs in their browser — their data never leaves their computer.
2
Supplier completes product classification
Determines which essential requirements apply: Art. 3(3)(d), Art. 3(3)(e), or both.
3
Supplier completes cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 and EN 18031-2 categories.
4
Supplier generates ZIP with 5 PDFs
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label.
5
You verify and file
Art. 12(2): verify that documentation exists. Art. 12(8): keep a copy of the EU declaration of conformity for 10 years.
6
Place on market
Your product is legally compliant. You have fulfilled Art. 12(1) and 12(2).

Three mistakes EU importers make when dealing with Chinese suppliers

COMMON ERROR

"I'll ask my supplier to just get the documentation — they'll handle it"

Your supplier's lab in Shenzhen quotes ¥35,000–85,000 per model. At 8% margins, documenting 14 models costs more than 5 months of profit. Your supplier will not prioritise this. You need to give them a tool that costs ¥720 per model and takes 30 minutes.

COMMON ERROR

"My supplier says they have cybersecurity CE — I trust them"

Art. 12(2) requires VERIFICATION, not trust. Ask your supplier to show you the EU declaration of conformity referencing Art. 3(3)(d) and (e). If the declaration only references Art. 3(1)(a) (safety) and Art. 3(1)(b) (EMC), cybersecurity is not covered.

COMMON ERROR

"I'll switch to a supplier who already has the documentation"

As of 1 August 2025, very few Chinese suppliers have cybersecurity documentation. Switching suppliers costs time, samples, quality testing and new MOQs. It is faster and cheaper to send your existing supplier REDCheck at €99 per model.

What's in the ZIP

5 PDF documents generated from the manufacturer's product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What your Chinese supplier pays

🧾 LAB IN SHENZHEN
¥35,000–85,000
Per product model. 3–6 months queue. 14 models = ¥490,000–1,190,000.
✓ REDCHECK
€99 (~¥720)
5 documents. 30 min per model. 14 models = €1,386 (~¥10,000).

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens to importers without verified cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties. As importer, YOU are liable — not just the manufacturer.

🇪🇺
Market withdrawal — at importer's expense
Immediate

Art. 40(4): market surveillance authorities can prohibit sale, require withdrawal or order recall. Art. 12(7): the importer must take corrective action on all affected products throughout the EU.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year of imprisonment for serious offences under §20. The importer — not the manufacturer — faces German enforcement.

⚖️
Formal non-compliance — Art. 43
Listing of deficiencies

Art. 43(1)(f): if technical documentation is not available or not complete, the Member State shall require the economic operator to put an end to the non-compliance. Incomplete documentation = non-compliance.

Options for your supplier

OptionCostWhat your supplier gets
Lab in Shenzhen¥35,000–85,000 (€4,500–10,800)3–6 months. Full third-party assessment.
EU-based cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Supplier assembles documentation€0 (their time)EN 18031 has 600+ pages. No guidance.
REDCheck — send them the link€99 (~¥720)5 documents, 30 min, per model

Multiple Chinese suppliers? Multiple product lines?

Professional Pack: €999 for 70 generations. One license key — share with all your suppliers. Each supplier generates documentation for their product models.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — Chinese supplier cybersecurity documentation

Can my Chinese supplier use REDCheck in Chinese?
REDCheck's interface is currently in English. The generated PDF documents follow the EN 18031 structure and cite Directive 2014/53/EU in English — the language of the applicable EU legislation. Most Chinese export managers read English at a functional level.
What if my supplier has different models with different connectivity?
Each product model with a unique combination of radio technologies (WiFi, BLE, Zigbee, NFC) requires its own documentation. REDCheck classifies each product individually and determines which essential requirements apply.
Can I buy REDCheck for my supplier as a gift?
Yes. You can purchase at €99 per product or the Professional Pack at €999 and share the license key with your supplier.
If I place a product under my own brand, am I the manufacturer?
Yes. Art. 14 of Directive 2014/53/EU: an importer who places radio equipment under their own name or trade mark is considered the manufacturer and is subject to Art. 10 obligations — including producing the technical documentation.
What happens when the CRA replaces the RED cybersecurity requirements?
The Cyber Resilience Act (Regulation (EU) 2024/2847) will gradually replace the cybersecurity requirements of Art. 3(3)(d), (e) and (f) of Directive 2014/53/EU. The transition is expected by 2027–2028. Until the CRA fully applies, the RED cybersecurity requirements remain in force. Documentation generated now remains valid for products placed on the market during the RED regime.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your Chinese supplier needs documentation. Send them the link. ¥720 per model. 30 minutes.

Five PDF documents. Art. 21 and Annex V. Directive 2014/53/EU. In the supplier's browser. Their data stays on their computer.

€99 per product (~¥720)
One-time payment · No subscription · 30 minutes · 10 regenerations · Professional Pack: €999
Generate RED documentation — €99

Related landings

📦 Art. 12

Importer obligations: RED cybersecurity under Art. 12
⚖️ Liability

Importer liability: missing cybersecurity documentation
🇩🇪 Germany

German importer: RED cybersecurity documentation
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history