Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You are a US manufacturer selling radio equipment in Europe. You need to comply with the cybersecurity requirements of Directive 2014/53/EU from 1 August 2025. Here is what you need to do — article by article, annex by annex.

You googled how to comply with the RED Directive. FCC does not cover this. NIST does not cover this. Delegated Regulation (EU) 2022/30 activated cybersecurity requirements Art. 3(3)(d), (e) and (f). You need technical documentation under Art. 21 (Annex V), an EU declaration of conformity under Art. 18 (Annex VI), and a conformity assessment under Art. 17. REDCheck generates the 5 documents. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

RED Directive compliance for US manufacturers: the numbers

Directive 2014/53/EU has 52 articles and 8 annexes. You don't need to read all of them. The cybersecurity-relevant articles are Art. 3(3)(d), (e), (f), Art. 10, Art. 17, Art. 18, Art. 21 and Annexes II, V, VI and VII.

3 requirements
Art. 3(3)(d) network · Art. 3(3)(e) personal data · Art. 3(3)(f) fraud. Activated by Delegated Reg. (EU) 2022/30.
5 documents
Product classification, technical documentation, risk assessment, EU DoC, simplified declaration + label
€99
Per product model. Covers Art. 21 + Annex V + Art. 18 + Annex VI + Art. 10(9) + Annex VII.

Step-by-step: how to comply

REDCheck follows the compliance path defined by Directive 2014/53/EU. Each step maps to a specific article.

1
Determine if the Delegated Regulation applies (Art. 1 of Reg. 2022/30)
Does your product communicate over the internet? → Art. 3(3)(d). Does it process personal data? → Art. 3(3)(e). Does it enable money transfers? → Art. 3(3)(f). REDCheck's free checker answers this in 2 minutes.
2
Identify your role (Art. 10, 12, 14)
Manufacturer (Art. 10): you designed or had the product manufactured. Importer (Art. 12): you place third-country products on the EU market. White-label (Art. 14): you place under your own brand = manufacturer obligations.
3
Prepare technical documentation (Art. 21, Annex V)
Annex V lists 9 categories of required content. REDCheck structures your cybersecurity assessment into this format.
4
Choose the conformity route (Art. 17)
Full application of EN 18031 → Module A, self-declaration (Annex II). Partial or no application → Module B+C (Annex III) or Module H (Annex IV), Notified Body required.
5
Sign the EU Declaration of Conformity (Art. 18, Annex VI)
The manufacturer declares that the product meets Art. 3 requirements. REDCheck generates this document.
6
Affix CE marking (Arts. 19-20) and retain documentation for 10 years (Art. 10(4))
The CE marking is the visible consequence of the conformity process. Keep the technical file for 10 years.

Three mistakes US manufacturers make when trying to comply

COMMON ERROR

"Reading the Directive without reading the Delegated Regulation"

Directive 2014/53/EU defines the framework. Delegated Regulation (EU) 2022/30 specifies WHICH products must comply. Without the Delegated Regulation, you don't know if your product is in scope. Both are essential.

COMMON ERROR

"Starting with EN 18031 before determining scope"

EN 18031 has 600+ pages across 3 parts. Determining scope first saves you from reading standards that don't apply.

COMMON ERROR

"Hiring a Notified Body when Module A is sufficient"

Art. 17(3)(a) allows Module A when harmonised standards are fully applied. For radio equipment cybersecurity, Module A is available and sufficient for fully compliant products.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 NOTIFIED BODY / CONSULTANCY
$5,000–20,000
Per product. Months. Separate engagement.
✓ REDCHECK
€99
5 documents. 30 minutes. Covers Art. 21 + Annex V + Annex VI.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Market withdrawal
Immediate

Arts. 40(1), 40(4) and 43.

🛒
Amazon EU listing removal
Revenue loss

Amazon requires conformity documentation for EU listings.

📉
Board and investor impact
Strategic

EU revenue at risk.

Alternatives

AlternativeCostWhat you get
Notified Body / consultancy$5,000–20,000/productMonths. Separate engagement.
In-house EU regulatory specialist$80,000–120,000/yearIf you can find and onboard one.
Assemble documentation yourself$0 (your time)EN 18031 has 600+ pages.
REDCheck€995 documents, 30 min, per model

Selling more than one product in the EU?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

I've never dealt with EU regulation before. Where do I start?
Start with two questions: (1) Does my product communicate over the internet? (2) Does it process personal data? REDCheck's free checker answers both in 2 minutes.
Do I need an EU-based authorized representative?
Art. 11 allows manufacturers to appoint an authorized representative in the EU. This is separate from the documentation obligation.
Can I use Module A (self-declaration)?
Yes, if you fully apply EN 18031. Art. 17(3)(a) allows Module A.
What happens when the CRA replaces RED?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Now you know how to comply. Generate the documentation in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🇺🇸 US manufacturer

US manufacturer: RED Directive cybersecurity documentation

📋 Module A

Module A self-declaration for US manufacturers

⚖ FCC vs CE

FCC vs CE: cybersecurity differences for radio equipment

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history