REDCheck — Cybersecurity Documentation Generator

Manufacturer and Product Data

Art. 10.6, 10.7 — Identification of the manufacturer and the radio equipment

🏢 Manufacturer data

Company / manufacturer name *

Country of establishment *

Company size *

Manufacturer postal address *

Contact person *

Contact email *

Manufacturer website

📡 Radio equipment data

Product name *

Firmware/software version *

Type/batch/serial number

Art. 10.6 — Element enabling the identification of the radio equipment

Product category *

Specify other radio technology

Internet connectivity *

Delegated Regulation (EU) 2022/30, Art. 1 — Art. 3(3)(d) applies to all radio equipment 'capable of communicating over the internet, whether directly or via other equipment'.

Description of the intended purpose *

Include the use for which the product is designed, the context of use and the operating conditions.

Is the product already on the EU market?

Note on existing products. Every individual unit of radio equipment placed on the EU market from 1 August 2025 must comply with the cybersecurity requirements of Delegated Regulation (EU) 2022/30, regardless of when it was designed or type-approved. Individual units of the same model placed on the market before that date are not affected.

Product Classification

Delegated Regulation (EU) 2022/30, Arts. 1-2 — Determine which essential cybersecurity requirements apply to your product

🚫 Exclusions (Art. 2 of the Delegated Regulation)

Cybersecurity requirements do NOT apply to radio equipment covered by certain sectoral legislation. Answer the following questions to verify whether your product is excluded.

Is it a medical device in accordance with Reg. (EU) 2017/745 or an in vitro diagnostic device in accordance with Reg. (EU) 2017/746?

Art. 2.1 — Exemption from Arts. 3(3)(d), (e) and (f)Includes: patient monitors, insulin pumps, pacemakers, medical imaging equipment with radio, implantable medical devices with wireless communication.

Is it a vehicle or vehicular component covered by Reg. (EU) 2019/2144?

Art. 2.2 — Exemption from Arts. 3(3)(e) and (f)Includes: in-vehicle infotainment systems, electronic control units (ECU), type-approved vehicular telematics modules.

Is it a civil aviation product covered by Reg. (EU) 2018/1139?

Art. 2.2 — Exemption from Arts. 3(3)(e) and (f)Includes: aeronautical communication systems, air navigation equipment, drones subject to civil aviation certification.

Is it electronic road toll equipment covered by Dir. (EU) 2019/520?

Art. 2.2 — Exemption from Arts. 3(3)(e) and (f)Includes: on-board units (OBU) for electronic road tolling, roadside equipment (RSE) for toll collection.

📋 Applicable articles (Art. 1 of the Delegated Regulation)

Based on the characteristics of your product, determine which essential cybersecurity requirements apply. Each article generates specific obligations and may require the application of a different part of the harmonised standard EN 18031.

Art. 3(3)(d) — Network protection: Is your radio equipment capable of communicating over the internet (directly or indirectly)?

Delegated Regulation Art. 1.1 — Applies EN 18031-1:2024All radio equipment that operates protocols necessary to exchange data with the internet, directly or via other intermediary equipment. Includes routers, smart speakers, IP cameras, wearables with WiFi, IoT sensors with internet gateway.

Art. 3(3)(e) — Personal data protection: Is your radio equipment capable of processing personal data (Art. 4.1 GDPR), traffic data or location data (Art. 2, points (b) and (c) of Dir. 2002/58/EC)?

Delegated Regulation Art. 1.2 — Applies EN 18031-2:2024'Processing' within the meaning of Art. 4(2) GDPR: any operation on personal data (collection, recording, storage, transmission, erasure). 'Traffic data' = data relating to an electronic communication (origin, destination, duration). 'Location data' = data indicating the geographical position of the user. Includes devices with cameras, microphones, biometric sensors, GPS, WiFi connection logs, or that collect any data linkable to a user.

Even WITHOUT internet connection: Is your equipment a toy with radio function, childcare equipment, or a wearable?

Delegated Regulation Art. 1.2(b)(c)(d) — Art. 3(3)(e) applies without requiring internetBaby monitors, Bluetooth toys, smartwatches, fitness trackers, earphones with sensors, children's GPS watches — all are subject to Art. 3(3)(e) even without internet connection, if they process personal data.

Art. 3(3)(f) — Fraud protection: Does your radio equipment, connected to the internet, allow transferring money, monetary value or virtual currency?

Delegated Regulation Art. 1.3 — Applies EN 18031-3:2024Includes payment terminals with radio, smartphones with NFC for payments, IoT devices that manage transactions (connected vending machines, cash registers with radio, etc.).

Cybersecurity Requirements

Arts. 3(3)(d), (e) and (f) — Describe how your product meets each essential cybersecurity requirement

🛡️ Network protection — Art. 3(3)(d)

The radio equipment shall not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service. Describe the measures implemented.

Access control

Art. 3(3)(d) · EN 18031-1 category: Access Control

Does the product implement access control mechanisms that allow only authorised entities to access security and network assets?

Authentication

Art. 3(3)(d) · EN 18031-1 category: Authentication

Does the product implement authentication mechanisms to verify the identity of entities attempting to access the device or its functions?

Password management

Art. 3(3)(d) · EN 18031-1 category: Password Management

Does the product avoid universal default passwords and force the user to set a password during initial setup? (Critical restriction: if the user can skip setting a password, the presumption of conformity is lost.)

Secure communication

Art. 3(3)(d) · EN 18031-1 category: Secure Communication

Are the product's communications encrypted to protect the confidentiality and integrity of data in transit?

Software integrity and secure boot

Art. 3(3)(d) · EN 18031-1 category: Software Integrity

Does the product verify the integrity of its software/firmware at boot and protect against unauthorised modifications?

Secure updates

Art. 3(3)(d) · EN 18031-1 category: Secure Update

Does the product have a firmware/software update mechanism that verifies the authenticity and integrity of updates before installing them?

Vulnerability management

Art. 3(3)(d) · EN 18031-1 category: Vulnerability Management

Does the manufacturer have a process to identify, manage and disclose product vulnerabilities?

Security event logging

Art. 3(3)(d) · EN 18031-1 category: Logging

Does the product log security-relevant events (access attempts, configuration changes, updates)?

Standards and Conformity Assessment

Art. 17 + Implementing Decision (EU) 2025/138 — Harmonised standards and conformity assessment route

📐 Harmonised standards applied

What are the EN 18031 standards? These are the European technical standards that detail HOW to comply with the cybersecurity requirements of the Directive. If your product follows them fully, it obtains 'presumption of conformity' — meaning the EU assumes it complies. This allows you to use self-declaration (Module A) without paying a Notified Body (which costs €5,000-20,000).

If you do NOT apply them or only partially apply them, you must hire a Notified Body (TÜV, SGS, Bureau Veritas, etc.) to assess your product — more expensive and slower.

Do you apply standard EN 18031-1:2024 (network protection)?

Decision (EU) 2025/138 — Harmonised standard for Art. 3(3)(d). Covers: access control, authentication, communication encryption, secure updates, vulnerability management. Example: if your router implements WPA3, TLS 1.3 and has secure boot, you probably apply it fully.

Do you apply standard EN 18031-2:2024 (personal data)?

Decision (EU) 2025/138 — Harmonised standard for Art. 3(3)(e). Covers: data minimisation, at-rest encryption, data deletion, parental control (toys/baby monitors). Example: if your IP camera encrypts stored recordings and allows the user to delete their account, you probably apply it.

Do you apply standard EN 18031-3:2024 (fraud protection)?

Decision (EU) 2025/138 — Harmonised standard for Art. 3(3)(f). Covers: strong transaction authentication, anti-tampering protection, payment security. Example: if your payment terminal uses Secure Element and multi-factor authentication, you probably apply it. If your product does NOT allow monetary transfers, select 'Not applicable'.

✅ Conformity assessment route

Which route do I need?
• Module A (Self-declaration): You assess and declare conformity yourself. No third-party costs. The fastest and most cost-effective option. Only available if you apply EN 18031 fully and without restrictions. Example: a smart plug manufacturer that implements all EN 18031-1 measures can self-declare.
• Module B+C (Notified Body): An authorised laboratory (TÜV, SGS, Bureau Veritas, Intertek) examines a prototype of your product (Module B) and you ensure series production conforms (Module C). Mandatory if you apply EN 18031 only partially. Typical cost: €5,000-15,000. Timeframe: 2-4 months.
• Module H (Full quality assurance): The Notified Body audits your complete quality management system. For large companies with multiple products. Typical cost: €10,000-20,000.

Conformity assessment procedure *

Art. 17 of Directive 2014/53/EU. If in the previous questions you selected 'full application' for all applicable EN 18031 standards, you may choose Module A. If you selected 'partial' or 'not applied', you must choose Module B+C or H.

Other standards or technical specifications applied

Annex V(d) — In addition to EN 18031, indicate other standards applied (ETSI EN 303 645, IEC 62443, etc.).

Signatory Declaration and Summary

Art. 10.3 + Annex VI — Final review before generating the dossier

📊 Dossier summary

Company:

Country:

Product:

Category:

Size:

On market:

Applicable articles:

Reference: Date:

Your dossier will include 5 documents (~18 pages):

• Doc 1: Product Classification and Scope — Delegated Regulation (EU) 2022/30, Arts. 1-2 (2-3 pages)
• Doc 2: Cybersecurity Technical Documentation — Art. 21 + Annex V (5-7 pages)
• Doc 3: Cybersecurity Risk Assessment — Arts. 3(3)(d)(e)(f) (4-5 pages)
• Doc 4: EU Declaration of Conformity — Art. 18 + Annex VI (2 pages)
• Doc 5: Simplified Declaration + Printable Label — Art. 10.9 + Annex VII (1 page)

⚠ SUPPLEMENTARY DOCUMENTATION (Annex V). The complete technical file in accordance with Annex V of Directive 2014/53/EU additionally requires elements that only the manufacturer can provide and which are NOT included in this dossier:

• Annex V(a.i): Photographs or illustrations of the radio equipment showing external features, marking and internal layout.
• Annex V(b): Conceptual design drawings, manufacturing drawings and diagrams of components, sub-assemblies and circuits.
• Annex V(h): Test reports carried out on the radio equipment.

These documents must be added to the technical file alongside the 5 PDFs generated by REDCheck to complete the required documentation. The manufacturer must retain the complete file for 10 years (Art. 10.4).

✍️ Signatory declaration

I declare that the information provided in this form is truthful, complete and accurate to the best of my knowledge. I assume full legal responsibility for the content of the document that will be generated with this information. I understand that REDCheck is a document generator that operates 100% in my browser, does not verify the accuracy of my declarations against external sources, and that the final responsibility for the document is exclusively mine. The product classification reflected in the dossier is based on the information I have declared in accordance with Delegated Regulation (EU) 2022/30.

Product version: REDCheck v1.0 covers the cybersecurity requirements of Arts. 3(3)(d), (e) and (f) activated by Delegated Regulation (EU) 2022/30 (in force from 1 Aug. 2025 to 11 Dec. 2027). From 11 December 2027, these requirements will be absorbed by the Cyber Resilience Act — Reg. (EU) 2024/2847. SolidwareTools monitors the OJEU and EUR-Lex weekly.

Your REDCheck Dossier

Generate your complete cybersecurity documentation.

RADIO EQUIPMENT DIRECTIVE · Directive 2014/53/EU

Without cybersecurity technical documentation in accordance with Arts. 3(3)(d), (e) and (f), your radio equipment cannot bear the CE marking nor be legally marketed in the EU from 1 August 2025.

1 PRODUCT

99 €

/ product

PROFESSIONAL PACK

999 €

70 generations · 1 key

✔ Product Classification (Delegated Reg. 2022/30)

✔ Cybersecurity Technical Documentation — Annex V

✔ Risk Assessment — Arts. 3(3)(d)(e)(f)

✔ EU Declaration of Conformity — Annex VI

✔ Simplified Declaration + Label — Annex VII

One-time payment · 10 regenerations · 30 days editing · PDF yours forever · 100% in your browser

Choose your licence type:

Individual Licence

1 product · 10 regenerations · 30 days

99 €

This key is permanently bound to a single product. If you change the product name or company, it will be locked.

Buy Individual Licence — €99 →

Professional Pack MULTI-PRODUCT

70 generations · Multi-product · 30 days

999 €

70 generations · One key

With this key you can generate documentation for up to 70 different products. Switch products between generations. Ideal for large catalogues or consultancies.

Buy Professional Pack — €999 →

High volume or special packs: hello@solidwaretools.com

Digital product exempt from the right of withdrawal under Article 16.m of Directive (EU) 2011/83 on consumer rights. By activating the license, the buyer gives express consent for the immediate generation of the digital dossier and waives the 14-day withdrawal period. Refunds accepted only for verifiable reproducible technical failures, reported by email to hello@solidwaretools.com within 14 days of purchase.

This document has been generated by REDCheck (SolidwareTools) from information provided by the signatory. It does not constitute legal advice nor a third-party audit. The accuracy of the data and the effective compliance with applicable legal obligations are the exclusive responsibility of the signatory. SolidwareTools guarantees that the structure of this document follows Directive 2014/53/EU and Delegated Regulation (EU) 2022/30 as in force at the date of issue. For personalised advice, consult a qualified professional.

Confirm licence activation