Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Delegated Regulation (EU) 2022/30 applies from 1 August 2025. The cybersecurity requirements for radio equipment are no longer future — they are in force.

The original application date was 1 August 2024. Delegated Regulation (EU) 2023/2444 postponed it by one year to 1 August 2025. There will be no further postponement. From this date, every internet-connected radio equipment placed on the EU market must comply with the cybersecurity requirements of Art. 3(3)(d) and, where applicable, Art. 3(3)(e) and Art. 3(3)(f). Technical documentation under Art. 21 must exist BEFORE the product bears CE marking. REDCheck generates the 5 PDF documents for each product model. 30 minutes. €99 per product. 100% in your browser.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

The Delegated Regulation timeline: key dates

Three dates define the regulatory lifecycle of cybersecurity for radio equipment.

1 Aug 2025
Application date of Del. Reg. (EU) 2022/30. Originally 1 Aug 2024, postponed 1 year by Del. Reg. (EU) 2023/2444.
11 Dec 2027
Repeal date. Del. Reg. 2022/30 repealed when the Cyber Resilience Act (Reg. (EU) 2024/2847) enters full application.
30 min
Time to generate documentation for one product model with REDCheck. €99.

The complete regulatory timeline

From publication to repeal — every date and its legal basis.

1
12 January 2022
Delegated Regulation (EU) 2022/30 published in the Official Journal. Original application date: 1 August 2024.
2
30 October 2023
Delegated Regulation (EU) 2023/2444 published. Postpones application to 1 August 2025. Reason: harmonised standards (EN 18031) not yet available.
3
31 January 2025
Implementing Decision (EU) 2025/138 published. EN 18031-1, -2 and -3 references listed in the OJEU with restrictions. Presumption of conformity now operational.
4
1 August 2025
APPLICATION DATE. All radio equipment within scope must comply with Art. 3(3)(d), (e) and/or (f). Technical documentation under Art. 21 must exist. CE marking must cover cybersecurity.
5
11 December 2027
Cyber Resilience Act (Reg. (EU) 2024/2847) enters full application. Del. Reg. 2022/30 is repealed. Products on the market before this date under RED remain valid.
6
Your action
Generate documentation NOW for the 1 Aug 2025 – 11 Dec 2027 window. REDCheck covers this period. For CRA documentation: CRACheck.

Three mistakes about the August 2025 deadline

COMMON ERROR

"There will be another postponement"

Delegated Regulation (EU) 2023/2444 was the ONLY postponement. The European Commission published the EN 18031 standards in January 2025. The harmonised standards gap — the reason for the first postponement — no longer exists. No legal mechanism for a further delay has been proposed or discussed.

COMMON ERROR

"The deadline applies only to new products placed on the market after 1 August 2025"

Correct in principle: Art. 10 applies when placing radio equipment on the market. Products already on the market before 1 August 2025 are not retroactively required to have cybersecurity documentation. However, if you continue PLACING new units of the same product on the market after the date (new manufacturing batches, new stock imported), those units must comply.

COMMON ERROR

"The CRA replaces RED in 2027, so I can wait"

The CRA enters full application on 11 December 2027. Between 1 August 2025 and 11 December 2027, Delegated Regulation 2022/30 is the applicable law. That is 28 months. If your product is on the EU market during this window without cybersecurity documentation, you are non-compliant for 28 months. Market surveillance does not wait for the CRA.

What's in the ZIP

5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CONSULTANCY
€5,000–15,000
Per product model. Weeks of wait.
✓ REDCHECK
€99
5 documents. 30 minutes per product.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties.

🇪🇺
Market withdrawal
Immediate

Art. 40 of Directive 2014/53/EU. Market surveillance can require withdrawal across all 27 Member States.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year of imprisonment under §20.

🛒
Marketplace listing removal
Revenue loss

Amazon and EU marketplaces require conformity documentation. Missing cybersecurity documentation triggers listing suspension.

Alternatives

AlternativeCostWhat you get
Notified Body / consultancy€5,000–20,000Assessment + documentation. 2–6 months.
Assemble documentation yourself€0 (your time)EN 18031 has 600+ pages. No template.
Wait for the CRA€028 months of non-compliance. Fines. Listing removal.
REDCheck€995 documents, 30 min, per product

Documenting more than one product model?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — August 2025 deadline

Was the deadline postponed from August 2024 to August 2025?
Yes. Delegated Regulation (EU) 2023/2444 amended Art. 3 of Del. Reg. 2022/30 to change 'It shall apply from 1 August 2024' to 'It shall apply from 1 August 2025.' The reason was the absence of harmonised standards. EN 18031 was published in the OJEU in January 2025 via Implementing Decision (EU) 2025/138.
What exactly must I have ready by 1 August 2025?
Technical documentation under Art. 21 and Annex V, including cybersecurity requirements. An EU declaration of conformity under Art. 18 and Annex VI referencing Arts. 3(3)(d), (e) and/or (f). CE marking that covers the cybersecurity requirements. All three must exist BEFORE the product is placed on the market.
What is the penalty if I miss the deadline?
Art. 46 of Directive 2014/53/EU: penalties are set by each Member State and must be 'effective, proportionate and dissuasive, including criminal penalties for serious infringements.' Example: Germany §19 Produktsicherheitsgesetz — €3,000–30,000 in fines. Market surveillance authorities can also prohibit sale, order withdrawal or recall under Arts. 40 and 43.
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when the Cyber Resilience Act — Regulation (EU) 2024/2847 — enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation from that date, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

1 August 2025 is here. Generate your cybersecurity documentation in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

⏳ RED vs CRA

RED vs CRA cybersecurity documentation timeline 2025–2027
📋 Art. 3(3)

Art. 3(3)(d) vs (e) vs (f): which applies to your product?
🔧 Tool

RED cybersecurity technical documentation generator
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history