Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your factory in Vietnam assembles WiFi smart speakers for European brands. CE marking now requires cybersecurity technical documentation under Art. 21 of Directive 2014/53/EU — and your clients expect the documentation from you.

You assemble smart speakers with WiFi and voice recognition for European clients. Your CE marking covered EMC and electrical safety. From 1 August 2025, CE marking also requires cybersecurity documentation under Delegated Regulation (EU) 2022/30. Smart speakers with microphones and cloud connectivity trigger BOTH Art. 3(3)(d) (network protection) AND Art. 3(3)(e) (personal data protection). A European consultancy quotes €10,000 per model. You have 12 active models. REDCheck generates the 5 PDF documents that cover your obligations under Art. 21 and Annex V for each model. 30 minutes. €99 per product. 100% in your browser — your product data never leaves your computer.

Generate my RED documentation — €99Free: does my smart speaker need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Cybersecurity documentation for smart speakers: the numbers

Smart speakers with WiFi, microphones and cloud connectivity are among the highest-scrutiny categories under Delegated Regulation (EU) 2022/30. They trigger Art. 3(3)(d) (network) and Art. 3(3)(e) (personal data) simultaneously.

1 Aug 2025
Application date of Delegated Reg. (EU) 2022/30 — cybersecurity requirements are now mandatory
2 requirements
Art. 3(3)(d) network protection + Art. 3(3)(e) personal data. Smart speakers with voice recognition trigger both.
€10,000+
European consultancy cost per model. REDCheck: €99

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU (manufacturer, Art. 10), country of manufacture, EU contact.
2
Product classification
Determines which essential requirements apply: Art. 3(3)(d) (network protection) for all internet-connected equipment. Art. 3(3)(e) (personal data) if your product processes personal data via its app or cloud service.
3
Cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 (network) and EN 18031-2 (personal data) categories: access control, authentication, secure communications, software updates, vulnerability management.
4
Risk assessment
Assessment of implementation status for each applicable requirement of Arts. 3(3)(d) and (e). Maps your answers to a structured risk table.
5
EU Declaration of Conformity
Formal declaration under Art. 18 and Annex VI. Signed by the manufacturer. Basis for CE marking under Arts. 19–20.
6
Download ZIP
5 PDF documents generated in your browser. Add to your technical file alongside test reports and user manual. Retain for 10 years (Art. 10(4)).

Three mistakes smart speaker factories make about RED cybersecurity

COMMON ERROR

"Our smart speaker only uses WiFi for streaming — cybersecurity doesn't apply"

Art. 1(1) of Delegated Regulation (EU) 2022/30 applies Art. 3(3)(d) to ANY radio equipment that can communicate over the internet. A WiFi smart speaker communicates over the internet. The function — streaming, voice control, home automation — is irrelevant. The internet connection triggers the requirement.

COMMON ERROR

"Personal data protection only applies if WE store the data"

Art. 3(3)(e) applies to radio equipment capable of PROCESSING personal data. Processing includes collection, recording and transmission — not just storage. A smart speaker with a microphone that transmits voice data to a cloud server is processing personal data. Art. 3(3)(e) applies regardless of who operates the cloud.

COMMON ERROR

"The CE mark on the box proves full compliance"

CE marking for EMC and safety does not cover Art. 3(3)(d) and (e). These are SEPARATE essential requirements activated by Delegated Regulation (EU) 2022/30. Without cybersecurity documentation, the CE marking is legally incomplete. Art. 43(f) allows authorities to act when technical documentation is not available or not complete.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 EUROPEAN CONSULTANCY
€10,000+
Per product model. 3–6 months. 12 active models = €120,000+.
✓ REDCHECK
€99
5 documents. 30 minutes per model. 12 models = €1,188.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive, including criminal penalties for serious infringements.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU.

🏭
Contract termination by European buyer
Revenue loss

European importers must verify documentation before placing products on the market. They will terminate the contract out of legal obligation.

🇻🇳
Competitive displacement
Permanent

Factories that provide cybersecurity documentation win contracts. Factories that cannot lose clients to competitors who can.

Alternatives

AlternativeCostWhat you get
European consultancy€10,000+ per model3–6 months. Custom report.
Local testing lab in VietnamLimitedMost labs do EMC/safety only.
Assemble documentation yourself$0 (your time)EN 18031 has 600+ pages.
REDCheck€995 documents, 30 min, per model

Assembling more than one smart speaker model?

If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Our smart speaker has a microphone and connects to a cloud API. Does Art. 3(3)(e) apply?
Yes. Art. 1(2)(a) applies Art. 3(3)(e) to internet-connected radio equipment capable of processing personal data. Voice data captured by a microphone and transmitted to a cloud server is personal data. Your smart speaker triggers both Art. 3(3)(d) and Art. 3(3)(e).
We assemble under OEM agreements. Who is the manufacturer?
If the European client places the product under their own brand, they become the manufacturer under Art. 14 and assume Art. 10 obligations. However, they will contractually require you to provide the cybersecurity documentation as part of the OEM package.
Can we use Module A (self-declaration) for smart speakers?
Yes, if you fully apply EN 18031-1 and EN 18031-2. Art. 17(3)(a) allows Module A when harmonised standards are fully applied. Smart speakers with personal data processing need both standards.
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027. REDCheck covers 1 August 2025 to 11 December 2027. For CRA documentation, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your client needs cybersecurity documentation for every smart speaker model. Generate it in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer. The ZIP you download is yours permanently.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🏭 Vietnam

Vietnam electronics manufacturer: RED cybersecurity documentation

📷 IP cameras

IP camera manufacturer: cybersecurity documentation under RED

📦 Importers

Dutch importer: RED cybersecurity documentation requirements

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history