Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

As a German importer, you must verify that your suppliers have drawn up cybersecurity technical documentation under Art. 21 of Directive 2014/53/EU. The Produktsicherheitsgesetz makes non-compliance a criminal offence. You cannot wait.

You import radio equipment into Germany from China, Vietnam or Turkey. From 1 August 2025, the cybersecurity requirements of Art. 3(3)(d) and (e) — activated by Delegated Regulation (EU) 2022/30 — are mandatory. Art. 12(2) requires you to verify documentation BEFORE placing on the market. The Produktsicherheitsgesetz imposes administrative fines of €3,000–€30,000 (§19) and up to 1 year of imprisonment for serious offences (§20). You have 23 product models. A Notified Body quotes €5,000–10,000 per model. That is €115,000–230,000. REDCheck costs €99 per model. Send the link to your suppliers. 30 minutes per model.

Generate RED documentation — €99Free: does this product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

German importer requirements: the numbers

Germany is the largest single market for consumer electronics in the EU. The BNetzA (Bundesnetzagentur) is the market surveillance authority for radio equipment. Enforcement is systematic.

§19 ProdSG
Administrative fines €3,000–€30,000 for non-compliance with product safety legislation
§20 ProdSG
Up to 1 year imprisonment for serious offences — placing dangerous products on the market
23 models × €99
€2,277 total. Professional Pack: €999 for 70 generations.

How REDCheck helps you as importer

The documentation obligation is the manufacturer's (Art. 10). But if your supplier cannot produce it, your products are blocked. REDCheck is a tool you can send to your supplier.

1
Send the link to your supplier
Your manufacturer enters their company and product data into REDCheck. The tool runs in their browser — their data never leaves their computer.
2
Supplier completes product classification
Determines which essential requirements apply: Art. 3(3)(d), Art. 3(3)(e), or both.
3
Supplier completes cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 and EN 18031-2 categories.
4
Supplier generates ZIP with 5 PDFs
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label.
5
You verify and file
Art. 12(2): verify that documentation exists. Art. 12(8): keep a copy of the EU declaration of conformity for 10 years.
6
Place on market
Your product is legally compliant. You have fulfilled Art. 12(1) and 12(2).

Three mistakes German importers make about RED cybersecurity

COMMON ERROR

"My Chinese supplier has CE marking — Konformität ist gegeben"

CE marking for EMC and safety does NOT cover the cybersecurity requirements of Art. 3(3)(d) and (e). These are SEPARATE obligations activated from 1 August 2025. As importer under Art. 12(2), you must verify that the technical documentation NOW INCLUDES cybersecurity.

COMMON ERROR

"The BNetzA will give a transition period"

There is no transition period. Delegated Regulation (EU) 2022/30 was adopted in October 2021 with an original application date of 1 August 2024, deferred to 1 August 2025. Economic operators have had over three years to prepare. The BNetzA can act from day one.

COMMON ERROR

"I can write the documentation myself as importer"

Art. 10(1) and 10(3) assign the documentation obligation to the manufacturer. As importer (Art. 12), you VERIFY — you do not produce. However, Art. 14 applies if you place the product under your own name or trade mark. In that case, you assume manufacturer obligations and CAN produce the documentation using REDCheck.

What's in the ZIP

5 PDF documents generated from the manufacturer's product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What your supplier pays

🧾 NOTIFIED BODY / CONSULTANCY
€5,000–10,000
Per product model. 23 models = €115,000–230,000.
✓ REDCHECK
€99
5 documents. 30 minutes. 23 models = €2,277. Professional Pack: €999 for 70 generations.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

As importer, your role is to VERIFY Layer 1 documentation exists. The manufacturer produces it.

What happens to German importers without verified cybersecurity documentation

Germany enforces product safety systematically. The BNetzA is the market surveillance authority.

🇩🇪
BNetzA market surveillance
Systematic

The Bundesnetzagentur actively monitors radio equipment. Importers are the first point of contact for enforcement in Germany — not the overseas manufacturer.

🇩🇪
Produktsicherheitsgesetz — §19 fines
€3,000–€30,000

Per infringement. Administrative fines for placing non-compliant products on the market.

🇩🇪
Produktsicherheitsgesetz — §20 criminal
Up to 1 year

Imprisonment for serious offences. Placing products on the market that do not meet essential requirements.

Options for your supplier

OptionCostWhat your supplier gets
Notified Body / lab in China€5,000–10,000 per model3–6 months. Full third-party assessment.
EU-based cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Supplier assembles documentation€0 (their time)EN 18031 has 600+ pages. No guidance.
REDCheck — send them the link€995 documents, 30 min, per model

Importing more than ten product models?

Professional Pack: €999 for 70 generations with a single license key. Distribute to your suppliers. One generation per product model. 23 models = €999 instead of €2,277.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — German importer RED cybersecurity

Is the BNetzA the enforcement authority for RED cybersecurity?
The Bundesnetzagentur (BNetzA) is the market surveillance authority for radio equipment in Germany under Directive 2014/53/EU. The BNetzA monitors compliance, including the cybersecurity requirements activated by Delegated Regulation (EU) 2022/30.
Can I buy the Professional Pack and share it with my suppliers?
Yes. The Professional Pack provides a license key for 70 generations. You can share the key with your suppliers so they can generate documentation for each product model they manufacture.
How do I verify my supplier's documentation is correct?
Art. 12(2) requires you to verify that the conformity assessment has been carried out, the technical documentation exists, CE marking is applied, and required documents accompany the product. You are not required to audit the content — but you must confirm the documentation exists and covers the applicable requirements.
If I place a product under my own brand, am I the manufacturer?
Yes. Art. 14 of Directive 2014/53/EU: an importer who places radio equipment under their own name or trade mark is considered the manufacturer and is subject to Art. 10 obligations — including producing the technical documentation.
What happens when the CRA replaces the RED cybersecurity requirements?
The Cyber Resilience Act (Regulation (EU) 2024/2847) will gradually replace the cybersecurity requirements of Art. 3(3)(d), (e) and (f) of Directive 2014/53/EU. The transition is expected by 2027–2028. Until the CRA fully applies, the RED cybersecurity requirements remain in force. Documentation generated now remains valid for products placed on the market during the RED regime.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Pflichtbewusstsein. Verify the cybersecurity documentation — or send your supplier the link. 30 minutes. €99.

Five PDF documents per model. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Data stays in the manufacturer's browser. You verify and file.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📦 Art. 12

Importer obligations: RED cybersecurity under Art. 12
🇳🇱 Netherlands

Netherlands importer: cybersecurity technical file
🇨🇳 China

EU importer: Chinese supplier cybersecurity documentation
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history