Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You have read the Delegated Regulation. You have downloaded EN 18031-1. You have spent 4 months building an Excel with 340 rows of requirements. REDCheck structures all of it into 5 professional PDF documents in 30 minutes.

You manufacture WiFi 6 routers, mesh systems and access points. You sell OEM to European brands and under your own brand on Amazon EU. You are an engineer — you have read the Regulation, downloaded EN 18031-1 and EN 18031-3, and built your own assessment spreadsheet. What you have not done is convert those 340 rows into formal technical documentation conforming to Annex V. Your European OEM clients require YOU to provide the documentation under Art. 14 — they market under their brand, so they are the manufacturer, but the negotiating power is theirs: provide the documentation or they find another OEM. REDCheck structures your assessment into Annex V format. 30 minutes. €99 per product model.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Cybersecurity documentation for routers: the numbers

Delegated Regulation (EU) 2022/30 activated cybersecurity requirements for all internet-connected radio equipment — routers are the primary product category.

EN 18031-1 + -3
Network protection (Art. 3(3)(d)) + fraud protection (Art. 3(3)(f)) if the router enables payment-related traffic
340+
Typical number of individual security requirements across EN 18031-1 when fully mapped for a WiFi 6 router
Art. 14
Your OEM clients market under their brand — they are the manufacturer under the Directive. But they contractually require YOU to provide the documentation

What REDCheck does with your router data

You already know your product. REDCheck asks the right questions in the right order, maps them to EN 18031 categories, and outputs Annex V documentation.

1
Company and product identification
Manufacturer details, product model, firmware version, radio interfaces (WiFi 6, BLE, Zigbee), intended market.
2
Classification and scope
Art. 3(3)(d) confirmed for all internet-connected routers. Art. 3(3)(e) if the router processes user credentials or traffic data. Art. 3(3)(f) if the router enables payment traffic.
3
EN 18031-1 assessment: network protection
Access control, authentication, default password policy, secure boot, firmware integrity, secure update mechanism, vulnerability disclosure, event logging, denial-of-service resilience.
4
EN 18031-3 assessment: fraud protection
If applicable: transaction security, cryptographic controls, integrity of payment-related communications.
5
Risk assessment and declaration
Structured risk table. EU Declaration of Conformity under Art. 18 + Annex VI. Simplified declaration with printable QR label.
6
Download ZIP
5 PDF documents. Professional-grade Annex V format. Retain 10 years (Art. 10(4)).

Mistakes router manufacturers make about RED cybersecurity

COMMON ERROR

"I've assessed every EN 18031 requirement in my spreadsheet — I'm compliant"

Assessment is not documentation. Art. 21 of Directive 2014/53/EU requires technical documentation containing the elements of Annex V. A personal spreadsheet is not a formal technical file. Market surveillance authorities and Notified Bodies expect structured documentation with article references, risk matrices and a signed declaration of conformity — not a 340-row Excel.

COMMON ERROR

"My OEM clients are the manufacturer — documentation is their problem"

Under Art. 14, the party placing radio equipment on the EU market under their brand is the manufacturer. That is your OEM client. But the commercial reality is different: if you do not provide the cybersecurity documentation, they will find an OEM that does. In Shenzhen, 200 factories make the same router. The documentation is the differentiator.

COMMON ERROR

"EN 18031 is just a checklist — any engineer can do it"

EN 18031-1 alone has hundreds of individual requirements across multiple security categories. The harmonised standard grants presumption of conformity (Art. 16) only when FULLY applied. Partial application triggers Art. 17(4): Notified Body required. The assessment must be thorough, and the documentation must prove full application if you want Module A self-declaration.

What's in the ZIP

5 PDF documents generated from your router data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 CYBERSECURITY LAB — PER ROUTER MODEL
€8,000–€15,000
3–6 months including queue. Per model.
✓ REDCHECK
€99
5 documents. 30 min. Your technical knowledge + our Annex V structure.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

The structured output of your engineering assessment. 5 PDF documents per model. What Art. 21 requires before CE marking.

∅ LAYER 2

EN 18031 lab testing

If your router fully applies EN 18031-1 (and -3 where applicable), self-declaration via Module A is sufficient. If you partially apply the standards, or if Implementing Decision (EU) 2025/138 imposes restrictions on your product, Art. 17(4) requires a Notified Body. REDCheck generates the documentation either way — the lab assessment is a separate step.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
Market withdrawal
Immediate

Routers are critical network infrastructure. Market surveillance treats router non-compliance as a priority due to network-level impact.

🇩🇪
Germany — BNetzA enforcement
€3,000–€30,000

The Bundesnetzagentur actively enforces RED compliance for networking equipment. Produktsicherheitsgesetz §19.

📉
Loss of OEM contracts
Revenue

European OEM clients are contractually requiring cybersecurity documentation from their Asian suppliers. No documentation = no supply agreement.

Alternatives

AlternativeCostWhat you get
Cybersecurity lab per router model€8,000–15,0003–6 months. Third-party assessment.
Continue with your spreadsheet€0Not a formal Annex V document. Not acceptable.
Enterprise SaaS platform€4,000+/yearSubscription. Onboarding. Overkill for self-declaration.
REDCheck€995 documents, 30 min, Annex V format

Manufacturing multiple router and access point models?

WiFi 5, WiFi 6, WiFi 7, mesh, enterprise AP — if you document 10+ models, the Professional Pack covers 70 generations for €999.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — router manufacturers and RED cybersecurity

I fully apply EN 18031-1. Can I self-declare without a Notified Body?
Yes. Art. 17(3)(a) of Directive 2014/53/EU allows Module A (internal production control, Annex II) when harmonised standards are fully applied. Full application of EN 18031-1 grants presumption of conformity under Art. 16 for Art. 3(3)(d). You generate the documentation with REDCheck, sign the declaration, affix CE marking. No Notified Body needed.
What about the restrictions in Implementing Decision (EU) 2025/138?
Implementing Decision (EU) 2025/138 published the EN 18031 standards as harmonised standards in the Official Journal BUT imposed restrictions on certain requirements — for example, where the standard allows the user to skip password setup during initial configuration. If your product's implementation falls under a restriction, the presumption of conformity for that requirement is NOT granted, and you may need Notified Body involvement for that specific aspect under Art. 17(4). REDCheck's classification document flags whether your product is affected.
Does Art. 3(3)(f) apply to my router?
Art. 3(3)(f) applies to internet-connected radio equipment that enables the transfer of money, monetary value or virtual currency (Art. 1(3) of Delegated Reg. (EU) 2022/30). A standard consumer router does not enable payment transactions directly. However, if your router specifically facilitates payment processing (e.g., a POS terminal with WiFi), Art. 3(3)(f) may apply. REDCheck's classification step determines this.
My OEM client says I must provide documentation. Am I legally obligated?
Not under the Directive — Art. 10 obligations fall on the manufacturer (your OEM client under Art. 14). But contractually, your OEM client can require you to provide the technical documentation as a condition of the supply agreement. This is standard practice. Providing the documentation is a commercial advantage, not a legal obligation on the OEM supplier — but refusing to provide it means losing the contract.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

You have the engineering knowledge. REDCheck has the Annex V structure. Generate the documentation in 30 minutes.

Five PDF documents per model. Art. 21 and Annex V. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🔌 Smart plugs

Smart plug manufacturer: EU cybersecurity documentation
🏭 Industrial

Industrial IoT gateway: RED cybersecurity documentation
🇺🇸 US company

US smart home hub: EU cybersecurity requirements
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history