Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your European buyer has sent you a cybersecurity checklist you cannot fully decipher. Without documentation under Art. 21 of Directive 2014/53/EU, your IoT gateways cannot be placed on the EU market from 1 August 2025.

You manufacture IoT gateways with WiFi, Zigbee or LoRa connectivity in India. Your Dutch or German buyer has forwarded a checklist referencing Delegated Regulation (EU) 2022/30 and EN 18031. A lab quotes ₹4–8 lakh per model. As manufacturer under Art. 10, the obligation is yours. REDCheck generates the 5 PDF documents. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Cybersecurity documentation for IoT gateways: the numbers

IoT gateways with WiFi, Zigbee, LoRa or 4G communicate over the internet. Art. 1(1) applies Art. 3(3)(d) to all such equipment.

1 Aug 2025
Application date — mandatory
Art. 3(3)(d) + (e)
Network protection applies to all internet-connected gateways. Personal data applies if the gateway processes personal data.
₹4–8 lakh
Typical cost per model at a lab in India. REDCheck: €99 (~₹9,000)

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement.

1
Company details
Legal name, role under Directive 2014/53/EU, country, EU contact.
2
Product classification
Determines applicable requirements: Art. 3(3)(d), (e) and/or (f).
3
Cybersecurity assessment
EN 18031 categories: access control, authentication, secure comms, updates, vulnerability management.
4
Risk assessment
Structured risk table per applicable requirement.
5
EU Declaration of Conformity
Art. 18 + Annex VI. Basis for CE marking.
6
Download ZIP
5 PDFs. Add to technical file. Retain 10 years (Art. 10(4)).

Three mistakes Indian gateway manufacturers make about RED cybersecurity

COMMON ERROR

"Our gateway is industrial — it connects to factories, not homes"

Art. 1(1) applies to ANY internet-connected radio equipment. There is no industrial exemption.

COMMON ERROR

"Our European buyer is the manufacturer — we are just the OEM"

If your company name appears on the product or declaration, Art. 10 applies to you. In practice, most buyers contractually require the OEM to provide documentation.

COMMON ERROR

"We have BIS certification — that covers European requirements"

BIS covers Indian domestic standards. CE marking and EN 18031 are European requirements. No mutual recognition between BIS and CE.

What's in the ZIP

5 PDF documents per product model.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 LAB IN INDIA
₹4–8 lakh
Per model. 3–6 months. 6 models = ₹24–48 lakh.
✓ REDCHECK
€99
5 documents. 30 min per model. 6 models = €594 (~₹54,000).

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Market withdrawal
Immediate

Arts. 40(1), 40(4) and 43.

🇳🇱
Netherlands — NVWA
€450–900,000

Rotterdam is the primary gateway for Indian electronics entering the EU.

🇩🇪
Germany
€3,000–€30,000

Largest industrial IoT market in the EU.

Alternatives

AlternativeCostWhat you get
Lab in India₹4–8 lakh/model3–6 months.
EU consultancy€5,000–15,000/modelCustom report.
Assemble yourself₹0 (your time)EN 18031: 600+ pages.
REDCheck€995 documents, 30 min, per model

Manufacturing more than one IoT gateway model?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

My gateway uses WiFi and Zigbee. Which articles apply?
Art. 3(3)(d) applies because it communicates over the internet. If it also processes personal data via a cloud dashboard, Art. 3(3)(e) applies.
My European buyer demands the documentation — but who is the manufacturer?
If you design/manufacture and your name is on the product, Art. 10 applies. If buyer brands it, Art. 14 may apply to them — but they will contractually require you to provide the documentation.
Can I use Module A?
Yes, if you fully apply EN 18031. Art. 17(3)(a).
My importer says documentation is my responsibility. Correct?
Yes. Art. 10(1) and 10(3).
CRA?
Repealed from 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your European buyer is waiting. Generate the cybersecurity documentation for your IoT gateway in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

💰 Cost

Indian exporter: cybersecurity documentation cost EU

🎧 Headphones

Bluetooth headphone manufacturer India: EU RED compliance

📦 Importers

German importer: RED cybersecurity documentation requirements

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history