Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You manufacture IoT sensors in India with WiFi and LoRa connectivity. Your European client requires documentation mapped to EN 18031. You've read the standard — 600+ pages across 3 parts. REDCheck structures the documentation for you in 30 minutes.

Your IoT sensor connects to building management systems via WiFi and LoRa. Your first European client requires 'cybersecurity technical documentation mapped to EN 18031.' You downloaded EN 18031-1 from CEN. 200+ pages. Dense. You understand the technical requirements but converting them into structured documentation under Art. 21 and Annex V is a different skill. REDCheck maps your product data to EN 18031-1 and EN 18031-2 categories. 30 minutes. €99.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

EN 18031 documentation for IoT sensors: the framework

EN 18031 is a three-part harmonised standard published January 2025. Full application enables Module A self-declaration (Art. 17(3)(a)).

EN 18031-1
Network protection — maps to Art. 3(3)(d). Applies to all internet-connected radio equipment.
EN 18031-2
Personal data protection — maps to Art. 3(3)(e). Applies if equipment processes personal data.
EN 18031-3
Fraud protection — maps to Art. 3(3)(f). Applies if equipment enables money transfers.

How REDCheck maps your product to EN 18031

You enter your product specifications. REDCheck identifies applicable EN 18031 parts and maps security features to each requirement category.

1
Access control (§5.3)
Who can access your sensor? Default credentials, user management, privilege levels.
2
Authentication (§5.4)
How does the sensor verify identity? Password strength, certificate-based authentication, mutual authentication.
3
Secure communications (§5.5)
How does the sensor protect data in transit? TLS/DTLS, encryption protocols, certificate validation.
4
Cryptography (§5.6)
Algorithm strength, key management, random number generation, secure storage.
5
Software updates (§5.7)
Secure firmware update mechanism, integrity verification, rollback prevention.
6
Vulnerability management (§5.8)
Disclosure policy, patching process, end-of-support communication.

Three mistakes Indian IoT sensor manufacturers make about EN 18031

COMMON ERROR

"I've read EN 18031 — I can write the documentation myself"

Reading the standard is step one. Converting your security features into STRUCTURED documentation under Art. 21 and Annex V requires a specific format. REDCheck provides the structure.

COMMON ERROR

"EN 18031 is optional — I don't need to map to it"

EN 18031 is technically voluntary. But without it, you cannot self-declare via Module A — you need a Notified Body (Art. 17(4)). Using EN 18031 saves cost and time.

COMMON ERROR

"My sensor only collects temperature and humidity — no personal data"

If the sensor data is transmitted to a cloud platform linked to user accounts, it may become personal data under GDPR Art. 4(1). Review the full data processing chain.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 TÜV INDIA / CONSULTANCY
₹4–5 lakh / €5,000–15,000
Per model. Months.
✓ REDCHECK
€99 (~₹9,200)
5 documents. 30 min. EN 18031 mapped.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Market withdrawal
Immediate

Arts. 40(1), 40(4) and 43.

🇩🇪
Germany
€3,000–€30,000

Produktsicherheitsgesetz.

📉
Client loss
Revenue loss

Your European client will find a supplier who provides EN 18031 documentation.

Alternatives

AlternativeCostWhat you get
TÜV India / consultancy₹4–5 lakh / €5,000–15,000Months. Custom report.
Internal team₹0 (staff time)EN 18031: 600+ pages. No Annex V structure guidance.
Assemble yourself₹0 (your time)No guidance.
REDCheck€995 documents, 30 min, per model

Multiple IoT sensor models?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

My sensor uses LoRa AND WiFi. Which parts of EN 18031 apply?
EN 18031-1 (network) applies because it communicates over the internet. If it also processes personal data, EN 18031-2 applies. Documentation covers the device holistically.
My European client says they need documentation 'mapped to EN 18031 categories.' What does that mean?
Each security feature must be linked to the corresponding EN 18031 requirement category. REDCheck generates this mapping automatically.
I'm a startup with 18 employees. Is this the right solution?
€99 per model. No consultancy fees, no waiting time. Fixed cost regardless of company size.
Module A?
Yes, if you fully apply EN 18031. Art. 17(3)(a).
CRA?
Repealed from 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

You've read EN 18031. Now structure the documentation. 30 minutes. €99.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🇮🇳 India

Indian manufacturer: RED cybersecurity documentation EU market

📊 Smart meters

India smart meter exporter: cybersecurity Directive 2014/53

🏭 Factory

India electronics factory: EU cybersecurity compliance August 2025

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history