RED Cyber for Import Compliance — 70 Licenses

What each dossier includes: 8 structured documents

Every license generates a complete Art. 3(3) cybersecurity documentation package for one product. Each document cites the specific article of Directive 2014/53/EU and Delegated Regulation (EU) 2022/30 it addresses.

Product Scope Analysis

Classification per Delegated Regulation (EU) 2022/30: internet-connected, childcare, toy, wearable, payment-capable. Determines which Art. 3(3) requirements apply.

Art. 3(3)(d) Network Protection Assessment

Assessment demonstrating the product does not harm the network or its functioning nor misuse network resources. Article 3(3)(d) of Directive 2014/53/EU.

Art. 3(3)(e) Privacy & Data Protection Assessment

Safeguards for the protection of personal data and privacy of the user and of the subscriber. Article 3(3)(e) of Directive 2014/53/EU.

Art. 3(3)(f) Fraud Protection Assessment

Features ensuring protection from fraud for devices enabling transfer of money, monetary value, or virtual currency. Article 3(3)(f) of Directive 2014/53/EU.

Technical Documentation Package

Per Annex V of Directive 2014/53/EU. Product description, design, cybersecurity measures, conformity assessment references.

Conformity Assessment Route Analysis

Module determination per Article 17(3) or 17(4) of Directive 2014/53/EU for the applicable Art. 3(3) cybersecurity requirements.

EU Declaration of Conformity

Per Annex VI. Manufacturer identification, product identification, applicable requirements, conformity assessment reference. Article 18.

CE Marking Guidance Sheet

Printable reference with CE marking requirements, manufacturer contact, applicable Art. 3(3) requirements. Articles 19 and 20.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

How it works — four steps

Buy the pack

70 license codes delivered by email via Gumroad. One payment. No subscription.

Activate a license

Each license has its own code. Activate when needed. 30-day editing window per license from first activation.

Generate the dossier

15-20 minutes. Guided form with references to every article. Enter the manufacturer's product data. The importer does not need access to the tool.

Deliver to the importer

8 PDFs in a ZIP file. Structured, article-by-article. Documentation the importer needs to satisfy Article 12.2 and keep at the disposal of market surveillance authorities per Article 12.8.

Three mistakes that cost import compliance advisors time and clients

❌

Pattern 1 — Relying on the non-EU manufacturer to produce cybersecurity documentation

Most non-EU manufacturers have no Art. 3(3) documentation

Article 12.2 of Directive 2014/53/EU requires importers to ensure, before placing radio equipment on the market, that the manufacturer has carried out the conformity assessment and drawn up technical documentation. In practice, many non-EU manufacturers of wireless consumer electronics have not produced Art. 3(3)(d)(e)(f) cybersecurity documentation. Waiting for them to do so leaves the importer non-compliant and the advisor without a solution.

❌

Pattern 2 — Treating cybersecurity as covered by the existing RED technical file

The Art. 3(3) requirements are a separate documentation layer

An existing RED technical file that covers Article 3(1) (safety) and Article 3(2) (radio spectrum) does not automatically include Art. 3(3)(d)(e)(f) cybersecurity documentation. Delegated Regulation (EU) 2022/30 activated these requirements separately. A product can have a complete traditional RED file and still lack cybersecurity documentation entirely.

❌

Pattern 3 — Advising importers that enforcement has not started yet

National authorities are already requesting Art. 3(3) documentation

Delegated Regulation (EU) 2022/30 has been applicable since 1 August 2025. National market surveillance authorities are issuing requests for Art. 3(3) documentation for products already on the market. An importer who cannot produce it faces corrective measures under Article 40 — including product withdrawal. The advisor who has not prepared the documentation is leaving clients exposed.

Documentation and implementation: two layers

● LAYER 1 — What REDCheck does

Art. 3(3) cybersecurity documentation

8 structured PDF documents per product. Network protection, privacy safeguards, fraud protection assessments, technical documentation, Declaration of Conformity, CE marking guidance. Generated from input data in 20 minutes. Article-by-article traceability to Directive 2014/53/EU and Delegated Regulation (EU) 2022/30.

∅ LAYER 2 — What REDCheck does not do

Product security implementation and radio testing

Radio frequency testing, encryption implementation, firmware security hardening, penetration testing, protocol analysis. These are implementation-level services. REDCheck documents the cybersecurity posture — it does not create it.

REDCheck structures and documents. The trade compliance advisor coordinates between the importer and the manufacturer. The two layers complement each other.

What your importers face without documentation

These are the consequences under Directive 2014/53/EU for importers who cannot demonstrate Art. 3(3) compliance. This is the argument when a client questions whether the cybersecurity documentation is truly necessary.

🇪🇺

Importer prohibited from placing product on the market

Market access blocked

Article 12.2 of Directive 2014/53/EU. The importer shall not place radio equipment on the market until it has been brought into conformity if they consider or have reason to believe it is non-compliant.

🇪🇺

Corrective measures, withdrawal, or recall

Existing inventory at risk

Article 40. Market surveillance authorities can require corrective measures, withdrawal from the market, or product recall if technical documentation is insufficient — including for products already on the market.

🇪🇺

National penalties including criminal sanctions

Effective, proportionate, dissuasive

Article 46. Member States impose penalties for infringement of the Directive, which may include criminal penalties for serious infringements.

The importers face these consequences. The advisor offers the documentation that prevents them.

Alternatives for documenting 70 imported products

Option	Cost for 70 products	Total time	Output quality
Wait for non-EU manufacturer	Internal follow-up time	Weeks to months	Uncertain, if it arrives at all
Manual drafting (Word templates)	Professional time only	700+ hours	Variable, no Art. 3(3)-specific structure
Outsource to radio compliance lab	€35,000–€105,000	Depends on provider	High, but cost-prohibitive at scale
REDCheck Professional Pack	€999 (one-time)	~23 hours total	Structured, Art. 3(3), article-by-article

What REDCheck guarantees and what it does not

REDCheck generates a structured documentation package according to Article 3(3)(d), (e), and (f) of Directive 2014/53/EU and Delegated Regulation (EU) 2022/30 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the professional entering data on their behalf.

We guarantee that the document structure follows Article 3(3) of Directive 2014/53/EU, Annex V for technical documentation, and Annex VI for the Declaration of Conformity, and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — professional pack

How do the 70 licenses work?

Each license is activated with a unique code and is associated with one specific product and manufacturer. One license equals one Art. 3(3) cybersecurity technical documentation dossier. The 70 licenses are used independently. They do not expire as a block — each one has its own 30-day editing window from its individual first activation.

Can I request a refund?

The pack is a digital product governed by Article 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the first license and expressly confirming PDF generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. Refunds are accepted only for reproducible technical failures (generator error, PDF that does not download, verifiable bug) within 14 calendar days of purchase.

What if the regulation changes?

Unused licenses will generate the dossier using the updated version of the generator at no additional cost. REDCheck is updated within 48 hours of any regulatory change published in the Official Journal of the European Union.

Do I need legal expertise to use the tool?

No. The generator guides step by step with references to each article of Directive 2014/53/EU and Delegated Regulation (EU) 2022/30. The user enters the product data — manufacturer details, product description, connectivity type, security features, data processing capabilities. The tool structures the dossier according to Article 3(3)(d), (e), and (f) and Annex V. It does not replace legal advice but reduces documentation time from hours to minutes.

Article 12.2 says the importer must verify that the manufacturer has done the conformity assessment. What if the manufacturer has no cybersecurity documentation?

Article 12.2 of Directive 2014/53/EU requires importers to ensure, before placing radio equipment on the market, that the manufacturer has carried out the appropriate conformity assessment procedure and drawn up the technical documentation. If the non-EU manufacturer has not produced Art. 3(3) cybersecurity documentation — which is common — the importer cannot legally place the product on the market without it. The trade compliance advisor can generate the documentation using the manufacturer's product data via REDCheck and deliver it as part of the compliance service, enabling the importer to meet their Article 12 obligations.

Does the dossier serve as evidence if a national authority requests Art. 3(3) documentation for products already on the market?

The REDCheck dossier is structured technical documentation per Annex V of Directive 2014/53/EU, covering the cybersecurity requirements of Article 3(3)(d), (e), and (f). Article 12.8 requires importers to keep a copy of the EU Declaration of Conformity at the disposal of market surveillance authorities for 10 years and ensure that technical documentation can be made available upon request. The dossier provides the structured documentation that the importer needs to have available when an authority requests it.

Official legal sources

Directive 2014/53/EU — Radio Equipment Directive (EUR-Lex) Commission Delegated Regulation (EU) 2022/30 — Cybersecurity requirements for radio equipment (EUR-Lex)

⚠️ Important notice: REDCheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The documents are generated from your input data. You are responsible for the accuracy of the data you provide. REDCheck does not replace a qualified professional assessment.

Your importers bring wireless consumer electronics into the EU. Article 12.2 says they must verify cybersecurity documentation exists before placing any product on the market. Each dossier takes 10 hours to draft. With 70 licenses, it takes 20 minutes.

The numbers that matter for your import compliance practice

Who uses the professional pack

What documenting 70 imported products costs — with and without the pack

What this pack actually changes in your practice