You manufacture or sell educational robots, interactive plush toys, Bluetooth-connected tablets for children or any toy with a radio function that falls under Directive 2009/48/EC. You thought the Toy Safety Directive was your only regulatory concern. It is not. Art. 1(2)(c) of Delegated Regulation (EU) 2022/30 activates Art. 3(3)(e) of Directive 2014/53/EU for radio equipment covered by Directive 2009/48/EC — if the toy processes personal data. No internet connection required. A BLE toy that records voice, captures images or collects play data processes personal data under GDPR Art. 4(1). If the toy also connects to the internet, Art. 3(3)(d) applies as well. REDCheck generates the 5 PDF documents. 30 minutes. €99 per product. 100% in your browser.
€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser
Delegated Regulation (EU) 2022/30 treats radio toys as a special category. Art. 1(2)(c) activates cybersecurity requirements specifically for radio equipment covered by the Toy Safety Directive — with a lower threshold than general consumer electronics: no internet connection needed.
You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.
Art. 1(2)(c) of Delegated Regulation (EU) 2022/30 does NOT require an internet connection for Art. 3(3)(e) to apply. Radio equipment covered by Directive 2009/48/EC (toys) is a special category: if the toy processes personal data as defined in Art. 4(1) of GDPR, Art. 3(3)(e) applies regardless of internet connectivity. A BLE toy that records a child's voice processes personal data.
Directive 2009/48/EC covers physical, chemical, mechanical and electrical safety of toys. It does NOT cover cybersecurity of radio functions. Directive 2014/53/EU covers radio equipment — including toys with Bluetooth, WiFi or any other radio technology. From 1 August 2025, Delegated Regulation (EU) 2022/30 adds cybersecurity requirements on top. Your toy needs BOTH: toy safety AND radio cybersecurity documentation.
Check carefully. Art. 4(1) of GDPR defines personal data broadly: any information relating to an identifiable natural person. If your toy's companion app collects the child's name, age, play preferences, usage statistics or location — that is personal data. If your toy has a microphone that captures voice — that is personal data. If it only plays pre-loaded sounds with no data collection and no app, Art. 3(3)(e) may not apply — but Art. 3(3)(d) still applies if the toy connects to the internet.
5 PDF documents generated from your product data. Each cites the exact article of Directive 2014/53/EU that it covers.
Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.
Art. 21 + Annex V. Requirement-by-requirement documentation.
Arts. 3(3)(d) and (e). Structured risk table.
Art. 18 + Annex VI.
Art. 10(9) + Annex VII.
Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.
Generated from your data, in your browser. No product data leaves your computer.
5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.
If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.
We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.
Art. 46 of Directive 2014/53/EU requires Member States to establish penalties. Children's products receive heightened scrutiny.
Market surveillance authorities treat non-compliant children's products with heightened urgency. A toy that fails cybersecurity requirements may be recalled under Arts. 40 and 43 — and the recall will be published in the Safety Gate (RAPEX) system, visible to all 27 Member States.
Non-compliant toys are published in the EU Safety Gate system. The product, the manufacturer and the country of origin are publicly identified. For children's products, media amplification is immediate.
Amazon, eBay and European marketplaces require conformity documentation. Children's products receive heightened scrutiny. Listings can be removed without prior notice.
| Alternative | Cost | What you get |
|---|---|---|
| Notified Body / toy testing lab | €5,000–12,000 per model | 3–6 months. Full third-party assessment. |
| Cybersecurity consultancy | €5,000–15,000 per model | Custom report. Weeks of wait. |
| Assemble documentation yourself | €0 (your time) | EN 18031 has 600+ pages. No guidance. |
| REDCheck | €99 | 5 documents, 30 min, per model |
If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key.
Request volume pricingREDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.
We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer. The ZIP you download is yours permanently.