Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your industrial IoT gateways supply Siemens, Bosch and Schneider Electric. You already meet 90% of EN 18031 because your German clients require it contractually. What you lack is the formal documentation under Annex V. Your Munich consultancy quotes €9,200 per model.

You manufacture industrial IoT gateways with WiFi, LoRa and 4G for smart factories across Europe. Your German tier-1 clients already require security features contractually — secure boot, firmware signing, access control, encrypted communications. You comply technically. But technical compliance is not documentation. Art. 21 of Directive 2014/53/EU requires formal technical documentation conforming to Annex V. Your Munich consultancy charges €9,200 per model — 4 models is €36,800. REDCheck structures your existing technical compliance into formal Annex V documentation. 30 minutes per model. €99.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Industrial IoT cybersecurity documentation: the numbers

Delegated Regulation (EU) 2022/30 makes no distinction between consumer and industrial products.

90%
Typical EN 18031 compliance level for industrial gateways already meeting German tier-1 contractual security requirements
€36,800
Munich consultancy quote for 4 gateway models (€9,200 × 4). REDCheck: €396
Art. 21
Technical documentation must be drawn up BEFORE the product is placed on the market — Art. 21(2)

What REDCheck does with your gateway data

You enter your product specifications. REDCheck structures the documentation requirement by requirement.

1
Company details
Manufacturer details, product model, firmware, radio interfaces.
2
Product classification
Art. 3(3)(d) for internet connectivity. Art. 3(3)(e) if processing personal data.
3
Cybersecurity assessment
EN 18031-1 mapped requirements: access control, authentication, secure boot, firmware integrity, secure updates, vulnerability management.
4
Risk assessment
Structured risk table for each applicable requirement.
5
EU Declaration of Conformity
Art. 18 + Annex VI. Signed by the manufacturer.
6
Download ZIP
5 PDF documents. Professional Annex V format. Retain 10 years.

Mistakes industrial IoT manufacturers make

COMMON ERROR

"Industrial equipment is exempt from RED cybersecurity"

There is no industrial exemption in Delegated Regulation (EU) 2022/30. Art. 1(1) applies Art. 3(3)(d) to ANY radio equipment that can communicate over the internet. An industrial gateway with WiFi or 4G communicates over the internet. The Regulation makes no distinction between consumer and industrial products.

COMMON ERROR

"Our clients' contractual security requirements are the same as EN 18031"

Your German clients' security specifications may overlap significantly with EN 18031, but they are not the same. EN 18031 is a harmonised standard published in the Official Journal that grants presumption of conformity under Art. 16 of Directive 2014/53/EU. A contractual specification — however demanding — does not grant presumption of conformity. The documentation must reference the standard, not the contract.

COMMON ERROR

"We already have IEC 62443 certification"

IEC 62443 is an international standard for industrial automation and control system security. It is NOT a harmonised standard under Directive 2014/53/EU. IEC 62443 certification does not grant presumption of conformity under Art. 16. The cybersecurity requirements of Art. 3(3)(d) must be documented against EN 18031 specifically. Your IEC 62443 work is valuable input for the EN 18031 assessment, but it is not a substitute.

What's in the ZIP

5 PDF documents per product model.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 MUNICH CONSULTANCY — 4 GATEWAY MODELS
€36,800
€9,200 × 4 models. Quarterly retainer on top.
✓ REDCHECK
€396
€99 × 4 models. 30 min each. Your technical knowledge, our Annex V structure.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

Formal documentation of what you already implement. 5 PDFs per model. €99.

∅ LAYER 2

IEC 62443 certification

Your existing IEC 62443 certification covers industrial control system security. RED cybersecurity under Art. 3(3)(d) is a separate EU regulatory obligation with separate documentation requirements. Both can coexist — and your IEC 62443 evidence strengthens your EN 18031 assessment.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇩🇪
Germany — BNetzA + BSIG
€3,000–€30,000

Industrial IoT in Germany falls under both RED enforcement (BNetzA) and, for critical infrastructure, the BSIG. Dual regulatory exposure.

🇪🇺
Product withdrawal
Immediate

Art. 40 of Directive 2014/53/EU. Industrial product withdrawal disrupts supply chains — your Siemens or Bosch integration depends on it.

📉
Loss of tier-1 contracts
Reputation

German tier-1 manufacturers are adding Delegated Reg. 2022/30 compliance as a supply condition. Non-compliance risks losing contracts that took years to build.

Alternatives

AlternativeCostWhat you get
Munich consultancy (4 models)€36,800 + retainerQuarterly engagement. Custom reports.
Enterprise SaaS (Z-CMS or similar)€4,000+/yearPlatform. Onboarding. Subscription.
Extend IEC 62443 scope to cover REDVariableIEC 62443 ≠ EN 18031. Different standard.
REDCheck€99/model5 documents, 30 min, Annex V format

Documenting a portfolio of industrial IoT products?

Gateways, sensors, PLCs, smart meters — Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — industrial IoT and RED cybersecurity

My gateway has LoRa only — no WiFi, no internet. Does Art. 3(3)(d) apply?
It depends on whether the LoRa gateway communicates over the internet indirectly. If the gateway connects to a LoRaWAN network server via Ethernet or cellular backhaul that routes through the internet, it communicates over the internet indirectly. Art. 1(1) of Delegated Regulation (EU) 2022/30 covers indirect connectivity. If the gateway operates on a private, air-gapped network with no internet path, Art. 3(3)(d) does not apply.
Can I use my IEC 62443 documentation as input for REDCheck?
Yes. Your IEC 62443 assessment covers many of the same security domains as EN 18031-1: access control, authentication, secure communications, software integrity, event logging. When filling the REDCheck form, your IEC 62443 evidence directly answers many of the EN 18031 questions. The output is a separate Annex V document, but your existing work reduces the input effort significantly.
My German clients already audit our security. Why do I need separate documentation?
Your clients' audits verify contractual compliance. Art. 21 of Directive 2014/53/EU requires formal technical documentation conforming to Annex V — a regulatory obligation independent of any commercial contract. Market surveillance authorities (BNetzA) can request this documentation under Art. 10(12). A contractual audit report is not a substitute for an Annex V technical file.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

You already meet the technical requirements. Generate the formal documentation in 30 minutes.

Five PDF documents per model. Art. 21 and Annex V. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📡 Routers

Router manufacturer: Annex V cybersecurity documentation
🇮🇳 India

Indian manufacturer: RED documentation EU market
📦 Importers

German importer: RED cybersecurity documentation
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history