Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You manufacture WiFi routers in the United States and sell them in 14 countries, including the EU. CE marking now requires cybersecurity technical documentation under Art. 21 of Directive 2014/53/EU. Your consultancy in Munich quotes €7,000 per model. You have 3 models. REDCheck costs €99.

You are the compliance manager at a US router manufacturer. Your CE marking has covered EMC and electrical safety for years. Your consultancy in Munich handles it — €12,000/year. Now they want an additional €7,000 per model for cybersecurity documentation under Delegated Regulation (EU) 2022/30. Three models = €21,000 on top of the retainer. Your VP says: 'Find a cheaper way.' Routers are among the highest-scrutiny categories: they trigger Art. 3(3)(d) (network protection) and, if they process personal data via admin panels or cloud management, Art. 3(3)(e). REDCheck generates the 5 PDF documents. 30 minutes. €99 per product.

Generate my RED documentation — €99Free: does my router need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

CE cybersecurity documentation for routers: the numbers

Routers are the textbook example of Art. 3(3)(d). They ARE the network. A router that does not protect the network fails the most fundamental cybersecurity requirement of Delegated Regulation (EU) 2022/30.

1 Aug 2025
Application date — cybersecurity requirements are now mandatory for all routers sold in the EU
Art. 3(3)(d) + (e)
Network protection applies to every router. Personal data applies if the router processes user data (admin panel, cloud management, parental controls).
€7,000 vs €99
Munich consultancy vs REDCheck per model. Same articles. Same annexes.

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU, country, EU contact.
2
Product classification
Determines applicable requirements: Art. 3(3)(d), (e) and/or (f).
3
Cybersecurity assessment
EN 18031 categories: access control, authentication, secure comms, updates, vulnerability management.
4
Risk assessment
Structured risk table per applicable requirement.
5
EU Declaration of Conformity
Art. 18 + Annex VI. Basis for CE marking.
6
Download ZIP
5 PDFs. Add to technical file. Retain 10 years (Art. 10(4)).

Three mistakes US router manufacturers make about CE cybersecurity

COMMON ERROR

"Our existing CE marking already covers cybersecurity for routers"

CE marking for EMC and safety has been mandatory since 2016. The cybersecurity requirements of Art. 3(3)(d) and (e) are SEPARATE essential requirements activated by Delegated Regulation (EU) 2022/30 from 1 August 2025. Your existing CE file must now be supplemented.

COMMON ERROR

"Routers are infrastructure — cybersecurity applies only to consumer devices"

Art. 1(1) applies Art. 3(3)(d) to ANY radio equipment that can communicate over the internet. Enterprise routers, consumer routers, access points, mesh systems — all trigger Art. 3(3)(d). Market segment is irrelevant.

COMMON ERROR

"Our Munich consultancy must handle this — we cannot self-declare"

Art. 17(3)(a) allows Module A (self-declaration) when EN 18031 is fully applied. If your router fully meets EN 18031-1 and EN 18031-2 (if applicable), you can self-declare without a Notified Body.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 MUNICH CONSULTANCY
€7,000
Per model. On top of €12,000/year retainer. 3 models = €21,000 additional.
✓ REDCHECK
€99
5 documents. 30 minutes. 3 models = €297. Present to your VP.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99. Art. 21 prerequisite for any conformity route.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, self-declare via Module A (Annex II). If not, Art. 17(4) requires third-party involvement.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation.

What happens without cybersecurity documentation

Routers are critical infrastructure. Market surveillance authorities scrutinize them more heavily than consumer gadgets.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU.

🇩🇪
Germany — BNetzA enforcement
€3,000–€30,000

Bundesnetzagentur. Produktsicherheitsgesetz §19-20. Germany is the largest EU market for networking equipment.

📉
VP conversation you don't want
Strategic

If the EU blocks your routers, your VP doesn't ask 'why.' They ask 'why didn't you prevent this?' €297 for 3 models is the answer.

Alternatives

AlternativeCostWhat you get
Munich consultancy€7,000/model + retainerCustom report. Weeks. Known vendor.
Notified Body (if needed)€8,000–20,000/modelFull third-party assessment. Only if EN 18031 not fully applied.
In-house compliance engineer$90,000–130,000/yearFull capability — if you can recruit and wait 3 months.
REDCheck€995 documents, 30 min, per model. Same articles as the consultancy.

Manufacturing more than 3 router models?

Professional Pack: €999 for 70 generations. One generation per product model.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Our router has a web-based admin panel that stores WiFi passwords. Does Art. 3(3)(e) apply?
If your admin panel stores usernames, email for password recovery or usage logs, Art. 3(3)(e) clearly applies under Art. 1(2)(a). REDCheck's product classification determines the exact scope.
We sell enterprise access points, not consumer routers. Does the Delegated Regulation still apply?
Yes. Art. 1(1) applies Art. 3(3)(d) to ANY radio equipment that communicates over the internet. There is no consumer/enterprise distinction.
Can I show REDCheck documentation alongside our consultancy's EMC report?
Yes. The technical file under Art. 21 is cumulative. Your EMC reports cover Art. 3(1)(b). REDCheck covers Art. 3(3)(d)(e)(f). All go into the same technical file.
Can we use Module A (self-declaration) for routers?
Yes, if you fully apply EN 18031-1 and, where applicable, EN 18031-2. Art. 17(3)(a) allows Module A when harmonised standards are fully applied.
What happens when the CRA replaces RED?
Delegated Regulation (EU) 2022/30 will be repealed from 11 December 2027. REDCheck covers 1 August 2025 to 11 December 2027.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your VP wants a cheaper way. Here it is. €99 per router model.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

📋 Module A

Module A self-declaration for US manufacturers

⚖ FCC vs CE

FCC vs CE: cybersecurity differences for radio equipment

💰 Cost

RED Delegated Regulation compliance cost for US companies

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history