Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You want to sell IoT products in Europe from the United States. Here is exactly what cybersecurity compliance documents you need under Directive 2014/53/EU — and why your existing US certifications do not cover them.

You googled what compliance documents do I need to sell in Europe. The answer is specific: if your product is radio equipment with internet connectivity, Delegated Regulation (EU) 2022/30 requires cybersecurity documentation under Art. 3(3)(d), (e) and (f) of Directive 2014/53/EU. This is separate from EMC, separate from safety, separate from FCC. You need 5 specific documents. REDCheck generates all five. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

The numbers

5 documents
Product classification, cybersecurity technical documentation, risk assessment, EU Declaration of Conformity, simplified declaration + label
3 requirements
Art. 3(3)(d) network protection · Art. 3(3)(e) personal data · Art. 3(3)(f) fraud protection — which apply depends on your product
30 min
Time to generate the complete documentation package. The cybersecurity compliance step is 30 minutes, not 3 months

The 5 cybersecurity documents you need — and what each one does

Each document covers a specific legal obligation under Directive 2014/53/EU.

1
Product Classification and Scope
Determines which of the three cybersecurity requirements apply to your specific IoT product. Based on Art. 1 of Delegated Reg. (EU) 2022/30.
2
Cybersecurity Technical Documentation
The core document. Required by Art. 21 + Annex V. Covers: access control, authentication, password management, secure communications, software integrity, secure updates, vulnerability management, event logging and personal data protection.
3
Cybersecurity Risk Assessment
Maps your product's implementation status against EN 18031-1 (network), EN 18031-2 (data) and EN 18031-3 (fraud) as applicable.
4
EU Declaration of Conformity
Required by Art. 18 + Annex VI. Formal declaration signed by the manufacturer. Basis for CE marking.
5
Simplified Declaration + Printable Label
Required by Art. 10(9) + Annex VII. Short-form declaration that physically accompanies the product. Includes QR code linking to the full declaration.

Common mistakes

COMMON ERROR

"I need a European lab to certify my product"

Not necessarily. If you fully apply EN 18031, Art. 17(3)(a) allows Module A (self-declaration). You generate the documentation, sign the declaration, affix CE marking. No lab, no Notified Body. REDCheck generates the documentation for the self-declaration route.

COMMON ERROR

"CE marking is an approval process I need to apply for"

CE marking is NOT an approval or permit. It is a self-declaration by the manufacturer. You affix it yourself after completing the conformity assessment. There is no application form, no government office, no approval letter.

COMMON ERROR

"I need to comply with all EU regulations before selling one unit"

You need to comply with all APPLICABLE regulations before placing the first unit on the EU market. For radio equipment: Directive 2014/53/EU (including cybersecurity), possibly GPSR, RoHS, WEEE and packaging regulations. REDCheck covers the cybersecurity portion.

What's in the ZIP

5 PDF documents per product model.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 FULL EU MARKET ENTRY CONSULTING PACKAGE
$20,000–$50,000
EMC + safety + cybersecurity + GPSR + RoHS. 6–12 months.
✓ REDCHECK
€99
5 cybersecurity documents. 30 min. The piece you're missing.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 documents. 30 min. €99. Art. 21 requirement.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare. Otherwise Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.

🇪🇺
No CE = no market
Blocked

Without CE marking, your product cannot be legally sold anywhere in the EU.

🛒
Amazon EU / marketplace
Listing blocked

Amazon, eBay and EU marketplaces require CE marking and conformity documentation as listing conditions.

🇩🇪
Germany
€3,000–€30,000

Most US companies enter the EU via Germany first. Produktsicherheitsgesetz applies immediately.

Alternatives

AlternativeCostWhat you get
Full EU market entry consultant$20,000–50,000Everything. 6–12 months.
Figure it out yourself from EUR-Lex€0EN 18031 is 600+ pages across 3 parts.
Ask on Reddit / compliance forums€0Contradictory advice. No documentation output.
REDCheck€995 documents, 30 min

Launching a full product line in Europe?

Professional Pack: €999 for 70 generations. Document every product in your EU catalog.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Does REDCheck cover ALL EU compliance requirements for my IoT product?
No. REDCheck covers the CYBERSECURITY requirements under Art. 3(3)(d)(e)(f). Your product may also require: EMC testing (Art. 3(1)(b)), electrical safety (Art. 3(1)(a)), GPSR (Reg. 2023/988), RoHS (Dir. 2011/65/EU) and WEEE registration (Dir. 2012/19/EU). REDCheck covers the cybersecurity documentation that became mandatory in August 2025.
What is the total cost to sell an IoT product in the EU?
Typical total: EMC/safety testing (€2,000–5,000), cybersecurity documentation (€99 with REDCheck), GPSR documentation (€49 with GPSRCheck), RoHS declaration (self-declared, €0), WEEE registration (€200–500). Total: approximately €2,500–6,000 per product model.
Do I need a European address on the product?
Art. 10(7) requires the manufacturer's name and postal address on the product or packaging. As a US manufacturer, indicate your US address. If you appoint an EU authorized representative, their address can be added alongside yours.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Now you know what documents you need. Generate the cybersecurity ones in 30 minutes. €99 per product.

Five PDF documents. Art. 21 and Annex V. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🇺🇸 FCC vs CE

FCC certification does not cover EU cybersecurity

🇺🇸 Market entry

American company: EU market entry barrier

📦 Importers

Your EU importer is requesting the technical file

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history