Your WiFi smart thermostat connects to the internet via the home router. It runs a companion app that collects room temperature schedules, occupancy patterns and user preferences. Art. 3(3)(d) applies because the device communicates over the internet. Art. 3(3)(e) may apply if the app collects user-identifiable data — occupancy patterns linked to an email address are personal data under GDPR Art. 4(1). A European consultancy quotes $12,000 per model. REDCheck generates the 5 PDF documents. 30 minutes. €99.
€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser
A WiFi smart thermostat is a textbook example of internet-connected radio equipment under Delegated Regulation (EU) 2022/30.
You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.
Art. 1(1) applies Art. 3(3)(d) to ANY radio equipment that communicates over the internet. Complexity is irrelevant. A €30 thermostat has the same obligation as a €300 gateway.
Temperature alone may not be personal data. But occupancy schedules, heating patterns linked to a user account with email, and geofencing data ARE personal data under GDPR Art. 4(1).
Energy labelling (Regulation (EU) 2017/1369) and the Radio Equipment Directive (2014/53/EU) are separate regulations. They are complementary, not overlapping.
5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.
Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.
Art. 21 + Annex V.
Arts. 3(3)(d) and (e).
Art. 18 + Annex VI.
Art. 10(9) + Annex VII.
Look before you buy — Download sample dossier (PDF, fictitious product)
Generated from your data, in your browser. No product data leaves your computer.
5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.
If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.
We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.
Art. 46 of Directive 2014/53/EU requires effective, proportionate and dissuasive penalties.
Arts. 40(1), 40(4) and 43.
BNetzA has already contacted startups selling smart thermostats without cybersecurity documentation.
Amazon requires conformity documentation.
| Alternative | Cost | What you get |
|---|---|---|
| EU consultancy | $12,000/model | Months. Custom report. |
| Hire EU specialist | $80,000+/year | If available. |
| Assemble yourself | $0 (your time) | EN 18031 has 600+ pages. |
| REDCheck | €99 | 5 documents, 30 min, per model |
Professional Pack: €999 for 70 generations.
Request volume pricingREDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.
We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.
REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.