Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You manufacture internet-connected radio equipment in the United States and sell it in Europe. FCC certification does not cover cybersecurity under the Radio Equipment Directive. Without the documentation required by Art. 21 of Directive 2014/53/EU, your products cannot legally be marketed in the EU from 1 August 2025.

You built a smart home hub, a connected sensor or an IoT gateway in the US. You opened Amazon DE, FR and IT. Europe is growing — 15-20% of revenue. Then Amazon Seller Support sends a message: Missing cybersecurity documentation under Directive 2014/53/EU. You have FCC certification. You thought that was enough. It is not. An EU compliance consultancy quotes $15,000–20,000 and 3–6 months. You have a board meeting in 6 weeks. REDCheck generates the 5 PDF documents that cover your obligations under Art. 21 and Annex V. 30 minutes. €99 per product. 100% in your browser.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

RED cybersecurity documentation for US manufacturers: the numbers

FCC regulates radio spectrum in the US. The EU has its own framework: Directive 2014/53/EU. Delegated Regulation (EU) 2022/30 added cybersecurity requirements that FCC does not cover. Two separate regulatory systems. Two separate obligations.

1 Aug 2025
Application date of Delegated Reg. (EU) 2022/30 — cybersecurity requirements are now mandatory in the EU
5 documents
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label
$15,000–20,000
Typical EU consultancy cost per product model. REDCheck: €99

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU (manufacturer, Art. 10), country of manufacture, EU contact.
2
Product classification
Determines which essential requirements apply: Art. 3(3)(d) (network protection) for all internet-connected equipment. Art. 3(3)(e) (personal data) if your product processes personal data via its app or cloud service.
3
Cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 (network) and EN 18031-2 (personal data) categories: access control, authentication, secure communications, software updates, vulnerability management.
4
Risk assessment
Assessment of implementation status for each applicable requirement of Arts. 3(3)(d) and (e). Maps your answers to a structured risk table.
5
EU Declaration of Conformity
Formal declaration under Art. 18 and Annex VI. Signed by the manufacturer. Basis for CE marking under Arts. 19–20.
6
Download ZIP
5 PDF documents generated in your browser. Add to your technical file alongside test reports and user manual. Retain for 10 years (Art. 10(4)).

Three mistakes US manufacturers make about EU cybersecurity compliance

COMMON ERROR

"We have FCC certification — that covers Europe too"

FCC and CE are separate regulatory systems. FCC Part 15 governs radio emissions in the US. Directive 2014/53/EU governs radio equipment in the EU. The cybersecurity requirements of Art. 3(3)(d) and (e) have no equivalent in FCC certification. Your FCC certificate is irrelevant for EU cybersecurity compliance.

COMMON ERROR

"Our EU distributor handles European compliance"

If you place the product under YOUR name or brand — including via Amazon Seller Central — you are the manufacturer under Art. 10. The obligation to draw up technical documentation (Art. 10(3)) is yours. An importer (Art. 12) must VERIFY you have done this — they cannot do it for you.

COMMON ERROR

"Cybersecurity requirements will come later — we have time"

Delegated Regulation (EU) 2022/30 applies from 1 August 2025. The original date was August 2024, already postponed once by Delegated Regulation (EU) 2023/2444. There will not be another postponement.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 EU COMPLIANCE CONSULTANCY
$15,000–20,000
Per product model. 3–6 months. Time zone difference. 3 models = $45,000–60,000.
✓ REDCHECK
€99
5 documents. 30 minutes per model. 3 models = €297.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive, including criminal penalties for serious infringements.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU.

🛒
Amazon EU listing removal
Revenue loss

Amazon requires conformity documentation. Without an EU declaration of conformity covering Arts. 3(3)(d) and (e), your ASINs may be suspended immediately.

📉
Board and investor impact
Strategic

If Europe is 15-20% of revenue and growing, losing EU market access is a board-level event. The cost of compliance (€99–297) is a rounding error compared to the revenue at risk.

Alternatives

AlternativeCostWhat you get
EU compliance consultancy$15,000–20,000 per model3–6 months. Custom report. Time zone lag.
Hire in-house EU regulatory specialist$80,000–120,000/yearSolves the problem, if you can find one and wait 3 months to onboard.
Assemble documentation yourself$0 (your time)EN 18031 has 600+ pages. EU regulatory framework is different from US.
REDCheck€995 documents, 30 min, per model

Selling more than one product in the EU?

If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

I have FCC certification. Why do I need separate EU cybersecurity documentation?
FCC and the EU Radio Equipment Directive are separate regulatory systems. FCC Part 15 governs radio frequency emissions. Directive 2014/53/EU governs radio equipment in Europe. The cybersecurity requirements of Art. 3(3)(d), (e) and (f) address network protection, personal data and fraud — none of which are covered by FCC certification.
I sell on Amazon EU through Seller Central. Am I the manufacturer?
If you place the product under your own brand, you are the manufacturer under Art. 10 — regardless of whether you sell directly or through a marketplace. Art. 14 extends manufacturer obligations to anyone who places radio equipment on the market under their name or trade mark.
Can I use Module A (self-declaration) instead of a Notified Body?
Yes, if you fully apply EN 18031-1 and, where applicable, EN 18031-2 and EN 18031-3. Art. 17(3)(a) allows Module A when harmonised standards are fully applied.
What is the relationship between RED and the Cyber Resilience Act (CRA)?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027, when Regulation (EU) 2024/2847 (CRA) enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation, SolidwareTools offers CRACheck.
Does this apply if I sell through a US-based distributor who exports to Europe?
Yes. Directive 2014/53/EU applies to any radio equipment placed on the EU market. If a US distributor sells to an EU importer, the importer must verify that the manufacturer — you — has drawn up technical documentation.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Europe can't wait for your next board meeting. Generate the cybersecurity documentation in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer. The ZIP you download is yours permanently.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🇺🇸 FCC vs CE

FCC vs CE: cybersecurity differences for radio equipment

🛒 Amazon

Amazon EU listing removed: cybersecurity documentation for US sellers

💰 Cost

RED Delegated Regulation compliance cost for US companies

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history