Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Two cybersecurity regulations, one transition. The RED window runs from 1 August 2025 to 11 December 2027. Then the CRA takes over. You need documentation for both — but not at the same time.

Delegated Regulation (EU) 2022/30 activates cybersecurity requirements under the Radio Equipment Directive from 1 August 2025. Regulation (EU) 2024/2847 — the Cyber Resilience Act — enters full application on 11 December 2027 and repeals the Delegated Regulation. For the next 28 months, RED cybersecurity is the law. After December 2027, CRA is the law. Products placed on the market during the RED window need RED documentation. Products placed from December 2027 need CRA documentation. REDCheck covers the first window (€99). CRACheck covers the second (€149). Both tools, same philosophy: guided self-assessment, structured output, one-time payment.

Generate my RED documentation — €99View CRACheck for post-2027 →

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

RED vs CRA: the timeline

Two regulations, two documentation periods.

28 months
The RED cybersecurity window: 1 Aug 2025 – 11 Dec 2027. Products placed on the market during this period need RED documentation.
11 Dec 2027
CRA full application date. Regulation (EU) 2024/2847. Repeals Del. Reg. 2022/30. New documentation framework.
€99 + €149
REDCheck for RED (now). CRACheck for CRA (from Dec 2027). Two separate tools for two separate regulations.

The complete transition timeline

From RED to CRA — every milestone.

1
1 August 2025
RED cybersecurity begins. Del. Reg. 2022/30 in effect. Arts. 3(3)(d), (e), (f) mandatory. EN 18031 provides presumption of conformity. REDCheck generates documentation.
2
11 September 2026
CRA: vulnerability reporting obligations begin (Art. 14 of Reg. 2024/2847). Manufacturers must report actively exploited vulnerabilities.
3
11 June 2027
CRA: conformity assessment body provisions apply. Notified Bodies for CRA begin operating.
4
11 December 2027
CRA full application. Del. Reg. 2022/30 repealed. Products placed from this date: CRA documentation required. Products already on market under RED: remain valid.
5
Your documentation plan
For products on market before Dec 2027: REDCheck (€99). For products entering from Dec 2027: CRACheck (€149). If your product spans both periods: document under RED now, then under CRA when required.
6
Two tools, two regulations
REDCheck: 1 Aug 2025 – 11 Dec 2027 (€99). CRACheck: from 11 Dec 2027 (€149). Both at solidwaretools.com.

Three mistakes about the RED-CRA transition

COMMON ERROR

"I'll wait for the CRA and skip the RED window entirely"

28 months of non-compliance. Market surveillance authorities enforce Art. 3(3)(d)/(e)/(f) from 1 August 2025. Waiting for the CRA does not exempt you from the RED. Two regulations, two separate periods.

COMMON ERROR

"RED documentation will automatically satisfy the CRA"

No. The CRA (Reg. 2024/2847) has different requirements, different annexes and a different scope than the RED. The CRA applies to 'products with digital elements' — broader than 'radio equipment.' The technical documentation under CRA Annex VII is structured differently from RED Annex V. Separate regulation, separate documentation.

COMMON ERROR

"The CRA replaces RED for all products"

The CRA replaces the cybersecurity requirements of Del. Reg. 2022/30 — not the entire Radio Equipment Directive. Directive 2014/53/EU continues to apply for EMC, electrical safety, radio spectrum and other essential requirements. Only the cybersecurity overlay from Del. Reg. 2022/30 is absorbed by the CRA.

What's in the ZIP

5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CONSULTANCY
€5,000–15,000
Per product. Covers RED only — CRA will require separate engagement.
✓ REDCHECK
€99
5 documents for RED window. CRACheck (€149) for post-2027.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Art. 40 of Directive 2014/53/EU. Market surveillance can require withdrawal across all 27 Member States.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year of imprisonment under §20.

🛒
Marketplace listing removal
Revenue loss

Amazon and EU marketplaces require conformity documentation. Missing cybersecurity documentation triggers listing suspension.

Alternatives

AlternativeCostWhat you get
Notified Body / accredited lab€5,000–10,000 per model3–6 months. Full third-party assessment.
Cybersecurity consultancy€5,000–15,000 per modelCustom report. Weeks of wait.
Assemble documentation yourself€0 (your time)EN 18031 has 600+ pages. No template.
REDCheck€995 documents, 30 min, per model

Documenting more than one product?

Professional Pack: €999 for 70 generations.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — RED vs CRA transition

If I document under RED now, do I need to re-document under CRA in 2027?
If you continue placing the same product on the market after 11 December 2027, yes — you will need CRA documentation. The RED documentation covers the 1 Aug 2025 – 11 Dec 2027 window. CRACheck (€149) covers CRA documentation.
Are EN 18031 standards valid under the CRA?
EN 18031 was developed for the RED cybersecurity requirements. The CRA will have its own set of harmonised standards. While there is overlap, the CRA standards will reflect CRA-specific requirements (vulnerability handling, SBOM, etc.). EN 18031 application under RED does not automatically confer CRA compliance.
What about products that are NOT radio equipment but have digital elements?
The CRA covers ALL products with digital elements — not just radio equipment. Software, connected appliances, industrial machinery with firmware. The RED only covers radio equipment. If your product has digital elements but no radio function, only the CRA applies (from Dec 2027), not the RED.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

The RED window is open now. Generate your documentation today. Plan for the CRA with CRACheck.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999 · CRACheck for post-2027: €149
Generate my RED documentation — €99

Related landings

⏳ Deadline

Delegated Regulation 2022/30: deadline 1 August 2025
📋 Art. 3(3)

Art. 3(3)(d) vs (e) vs (f): which applies to your product?
🔧 CRACheck

CRA documentation: Regulation (EU) 2024/2847
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history