Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

CE marking for your imported electronics now requires cybersecurity documentation. A competitor in Brescia has already had three products withdrawn by Italian market surveillance. Your 15 product models need documentation under Art. 21 before it happens to you.

You import consumer electronics from Shenzhen into Italy — cameras, baby monitors, smart speakers. Your CE marking covers EMC and safety. From 1 August 2025, Delegated Regulation (EU) 2022/30 requires cybersecurity documentation under Art. 3(3)(d) and (e). Art. 12(2) requires you to verify that your Chinese supplier has drawn up the documentation. Italian market surveillance has already acted on competitors. A consultancy quotes €5,000–15,000 per model. 15 models = €75,000–225,000. REDCheck costs €99 per model. Professional Pack: €999 for 70 generations.

Generate RED documentation — €99Free: does this product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

CE marking cybersecurity for Italian importers: the numbers

CE marking has always been a prerequisite for placing radio equipment on the Italian market. From 1 August 2025, it must include cybersecurity. The MISE (Ministero delle Imprese e del Made in Italy) oversees market surveillance.

1 Aug 2025
CE marking must now include cybersecurity documentation
Art. 12(2)
Italian importers must verify documentation BEFORE placing on market
15 models × €99
€1,485 total. Professional Pack: €999 for 70 generations.

How REDCheck helps you as importer

The documentation obligation is the manufacturer's (Art. 10). But if your supplier cannot produce it, your products are blocked. REDCheck is a tool you can send to your supplier.

1
Send the link to your supplier
Your manufacturer enters their company and product data into REDCheck. The tool runs in their browser — their data never leaves their computer.
2
Supplier completes product classification
Determines which essential requirements apply: Art. 3(3)(d), Art. 3(3)(e), or both.
3
Supplier completes cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 and EN 18031-2 categories.
4
Supplier generates ZIP with 5 PDFs
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label.
5
You verify and file
Art. 12(2): verify that documentation exists. Art. 12(8): keep a copy of the EU declaration of conformity for 10 years.
6
Place on market
Your product is legally compliant. You have fulfilled Art. 12(1) and 12(2).

Three mistakes Italian importers make about CE marking and cybersecurity

COMMON ERROR

"CE marking has always included everything — cybersecurity is automatic"

CE marking has covered safety (Art. 3(1)(a)) and EMC (Art. 3(1)(b)) since 2016. Cybersecurity under Art. 3(3)(d) and (e) is a NEW, SEPARATE requirement activated by Delegated Regulation (EU) 2022/30 from 1 August 2025. Your existing CE marking does not cover it. The EU declaration of conformity must now reference the cybersecurity requirements.

COMMON ERROR

"Italian enforcement is slow — I have time"

Italian market surveillance has already withdrawn products from competitors. The MISE cooperates with the European Product Safety Alerts system (Safety Gate). A withdrawal in Italy triggers alerts across all 27 Member States.

COMMON ERROR

"It's the manufacturer's problem — I just import"

Art. 12(1) is unambiguous: importers shall place ONLY compliant radio equipment on the market. Art. 12(2) requires you to verify documentation BEFORE placing the product. If you place non-compliant equipment, Art. 12(7) requires you to take corrective action — withdraw, recall, inform authorities. The obligation to produce the documentation is the manufacturer's. The obligation to verify it is YOURS.

What's in the ZIP

5 PDF documents generated from the manufacturer's product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What your supplier pays

🧾 CONSULTANCY / LAB
€5,000–15,000
Per product model. 15 models = €75,000–225,000.
✓ REDCHECK
€99
5 documents. 30 min per model. 15 models = €1,485. Professional Pack: €999.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens to Italian importers without verified cybersecurity documentation

Italy enforces product safety through the MISE.

🇮🇹
MISE market surveillance
Product withdrawal

The Ministero delle Imprese e del Made in Italy (MISE) oversees market surveillance for radio equipment. Withdrawal orders are published and shared across the EU.

🇮🇹
D.Lgs. 128/2016 — penalties
€1,000–€100,000

Legislative Decree 128/2016 transposes Directive 2014/53/EU into Italian law. Penalties for placing non-compliant radio equipment on the market.

🇪🇺
Safety Gate — cross-border
EU-wide

Product withdrawals in Italy are reported to the Safety Gate system. All 27 Member States are notified. Cross-border sales are affected.

Options for your supplier

OptionCostWhat your supplier gets
Notified Body / lab in China€5,000–10,000 per model3–6 months. Full third-party assessment.
EU-based cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Supplier assembles documentation€0 (their time)EN 18031 has 600+ pages. No guidance.
REDCheck — send them the link€995 documents, 30 min, per model

Importing more than ten product models?

Professional Pack: €999 for 70 generations. Send the link to your suppliers in Shenzhen.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — Italian importer RED cybersecurity

Which Italian authority enforces RED cybersecurity?
The MISE (Ministero delle Imprese e del Made in Italy) is the market surveillance authority for radio equipment in Italy under D.Lgs. 128/2016, which transposes Directive 2014/53/EU.
Is there a transition period for Italian importers?
No. Delegated Regulation (EU) 2022/30 has a direct application date of 1 August 2025. There is no national transition period in Italy.
How do I verify my supplier's documentation is correct?
Art. 12(2) requires you to verify that the conformity assessment has been carried out, the technical documentation exists, CE marking is applied, and required documents accompany the product. You are not required to audit the content — but you must confirm the documentation exists and covers the applicable requirements.
If I place a product under my own brand, am I the manufacturer?
Yes. Art. 14 of Directive 2014/53/EU: an importer who places radio equipment under their own name or trade mark is considered the manufacturer and is subject to Art. 10 obligations — including producing the technical documentation.
What happens when the CRA replaces the RED cybersecurity requirements?
The Cyber Resilience Act (Regulation (EU) 2024/2847) will gradually replace the cybersecurity requirements of Art. 3(3)(d), (e) and (f) of Directive 2014/53/EU. The transition is expected by 2027–2028. Until the CRA fully applies, the RED cybersecurity requirements remain in force. Documentation generated now remains valid for products placed on the market during the RED regime.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your competitor has already been inspected. Verify the documentation — or send your supplier the link. €99 per model.

Five PDF documents per model. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Data stays in the manufacturer's browser. You verify and file.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📦 Art. 12

Importer obligations: RED cybersecurity under Art. 12
🇩🇪 Germany

German importer: RED cybersecurity documentation
🇳🇱 Netherlands

Netherlands importer: cybersecurity technical file
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history