Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your European clients are requesting cybersecurity technical documentation for the radio equipment your factory assembles in Vietnam. Without it, your products cannot enter the EU market from 1 August 2025. The documentation obligation falls on the manufacturer under Art. 10 of Directive 2014/53/EU.

You assemble smart speakers, IP cameras or set-top boxes in Vietnam for European brands. Three of your clients have sent you a checklist you have never seen before: cybersecurity documentation under Delegated Regulation (EU) 2022/30. A testing lab quotes $6,000–12,000 per product model and months of waiting. You have dozens of active models. If you cannot respond within 30 days, the client finds another factory — and in Vietnam there are hundreds. REDCheck generates the 5 PDF documents that cover your obligations under Art. 21 and Annex V for each model. 30 minutes. €99 per product. 100% in your browser — your product data never leaves your computer.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

Cybersecurity documentation for Vietnam electronics factories: the numbers

Delegated Regulation (EU) 2022/30 activated the cybersecurity requirements of Art. 3(3)(d) and (e) for all internet-connected radio equipment — including every smart speaker, IP camera and set-top box your factory assembles for European clients. The obligations are in force.

1 Aug 2025
Application date of Delegated Reg. (EU) 2022/30 — cybersecurity requirements are now mandatory
5 documents
Product classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label
$6,000–12,000
Typical cost at a testing lab per product model. REDCheck: €99

What REDCheck does with your product data

You enter your product specifications. REDCheck structures the cybersecurity documentation requirement by requirement, following the EN 18031 categories.

1
Company details
Legal name, role under Directive 2014/53/EU (manufacturer, Art. 10), country of manufacture, EU contact.
2
Product classification
Determines which essential requirements apply: Art. 3(3)(d) (network protection) for all internet-connected equipment. Art. 3(3)(e) (personal data) if your product processes personal data via its app or cloud service.
3
Cybersecurity assessment
Requirement-by-requirement review mapped to EN 18031-1 (network) and EN 18031-2 (personal data) categories: access control, authentication, secure communications, software updates, vulnerability management.
4
Risk assessment
Assessment of implementation status for each applicable requirement of Arts. 3(3)(d) and (e). Maps your answers to a structured risk table.
5
EU Declaration of Conformity
Formal declaration under Art. 18 and Annex VI. Signed by the manufacturer. Basis for CE marking under Arts. 19–20.
6
Download ZIP
5 PDF documents generated in your browser. Add to your technical file alongside test reports and user manual. Retain for 10 years (Art. 10(4)).

Three mistakes Vietnam electronics factories make about RED cybersecurity

COMMON ERROR

"The European client handles compliance, not the factory"

It depends on your contractual role. If you manufacture under YOUR OWN name or brand (even for OEM), Art. 10(1) and 10(3) place the obligation on the manufacturer. If the European client places the product under THEIR brand, they become the manufacturer under Art. 14 — but they will contractually require YOU to provide the documentation. Either way, the documentation starts with you.

COMMON ERROR

"We already have CE marking — cybersecurity is covered"

CE marking for electromagnetic compatibility (Art. 3(1)(b)) and electrical safety (Art. 3(1)(a)) has been mandatory since 2016. The cybersecurity requirements of Art. 3(3)(d) and (e) are SEPARATE obligations activated by Delegated Regulation (EU) 2022/30 from 1 August 2025. Your existing CE marking does not cover them.

COMMON ERROR

"Our factory only assembles — we don't design, so cybersecurity doesn't apply"

Art. 2(1)(12) of Directive 2014/53/EU defines 'manufacturer' as any person who manufactures radio equipment OR HAS radio equipment designed or manufactured. If your factory assembles the product, you are a manufacturer regardless of who designed the circuit. Assembly is manufacturing.

What's in the ZIP

5 PDF documents per product model. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V.

3

Risk Assessment

Arts. 3(3)(d) and (e).

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product)

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 TESTING LAB / CONSULTANCY
$6,000–12,000
Per product model. 3–6 months. Queue time. 30 active models = $180,000–360,000.
✓ REDCHECK
€99
5 documents. 30 minutes per model. 30 models = €2,970.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 PDF documents. 30 min. €99 per product. The documentation that Art. 21 requires BEFORE your product can bear CE marking.

∅ LAYER 2

Conformity assessment by a Notified Body

If you fully apply EN 18031, you can self-declare via Module A (Annex II) without a Notified Body. If you partially apply or don't apply the harmonised standards, Art. 17(4) requires third-party involvement. REDCheck does not replace a Notified Body — it generates the documentation that is a prerequisite for any conformity route.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive, including criminal penalties for serious infringements.

🇪🇺
Market withdrawal and sales prohibition
Immediate

Market surveillance authorities can require withdrawal, prohibit sale or order a recall. Arts. 40(1), 40(4) and 43 of Directive 2014/53/EU.

🇩🇪
Germany — Produktsicherheitsgesetz
€3,000–€30,000

Administrative fines under §19. Up to 1 year imprisonment under §20. Germany is the largest EU destination for Vietnamese-assembled electronics.

🔗
Loss of European client contracts
Revenue loss

European importers (Art. 12) must verify documentation before placing on the market. Without it, your European client cannot legally sell. They will find another factory.

Alternatives

AlternativeCostWhat you get
Testing lab / consultancy$6,000–12,000 per model3–6 months. Full third-party assessment.
Ask the European client to handle it$0 (your time)They cannot do it for you (Art. 10). You lose the contract.
Assemble documentation yourself$0 (your time)EN 18031 has 600+ pages across 3 parts. No guidance.
REDCheck€995 documents, 30 min, per model

Assembling more than one product model for European clients?

If you document 10 or more product models, write to us for the Professional Pack: €999 for 70 generations with a single license key. One generation per product model.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Our European client says cybersecurity documentation is our responsibility. Is that correct?
It depends on who is the 'manufacturer' under the Directive. If your factory produces under the European client's brand, they are the manufacturer under Art. 14 — but they will contractually pass this obligation back to you. If you produce under your own brand, you are the manufacturer directly under Art. 10. Either way, the documentation must originate from the factory.
We assemble for multiple European brands. Do we need separate documentation for each?
Yes. The technical documentation under Art. 21 is per product TYPE, not per brand. If you assemble the same hardware under three European brands, each brand needs its own documentation because the EU declaration of conformity identifies the specific manufacturer and product.
Can we use Module A (self-declaration) instead of a Notified Body?
Yes, if you fully apply the harmonised standards EN 18031-1 and, where applicable, EN 18031-2 and EN 18031-3. Art. 17(3)(a) allows internal production control (Module A, Annex II) when harmonised standards are fully applied.
Does Art. 3(3)(e) apply to IP cameras we assemble?
Yes, if the IP camera processes personal data as defined in Art. 4(1) of GDPR. Video surveillance captures images of identifiable persons — that is personal data. Both Art. 3(3)(d) AND Art. 3(3)(e) apply to IP cameras.
What happens when the CRA replaces the RED cybersecurity requirements?
Delegated Regulation (EU) 2022/30 will be repealed with effect from 11 December 2027, when the Cyber Resilience Act — Regulation (EU) 2024/2847 — enters full application. REDCheck covers the window from 1 August 2025 to 11 December 2027. For CRA documentation, SolidwareTools offers CRACheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your European client is waiting. Generate the cybersecurity documentation in your browser in 30 minutes.

Five PDF documents. Art. 21 and Annex V fully structured. Directive 2014/53/EU. Your product data never leaves your computer. The ZIP you download is yours permanently.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🏭 China

Smart plug manufacturer: EU cybersecurity documentation under RED

🛒 Amazon

Amazon EU listing suspended — cybersecurity documentation required

📦 Importers

German importer: RED cybersecurity documentation requirements

✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history