Skip to content
spilma

RED Directive 2014/53/EU, overview

Author Hugues Orgitello Last updated 25 May 2026

Pillar: European Union

The RED Directive 2014/53/EU frames all radio equipment placed on the European market. Adopted in 2014, enriched by Delegated Regulation 2022/30 which activates cybersecurity since 1 August 2025, it is the most impactful directive for modern IoT products, and the most often overlooked in compliance analyses.

Scope and logic

Section titled “Scope and logic”

The RED directive applies to any equipment that intentionally transmits and/or receives radio waves for communication or radio determination. This criterion covers a far wider range than many project teams imagine:

  • Intentional transmitters: Wi-Fi, Bluetooth/BLE, ZigBee, Thread, Z-Wave, LoRa, Sigfox, cellular 2G/3G/4G/5G, active NFC, UWB, remote controls, RFID, MOCN, wireless microphones, radio medical devices.
  • Intentional receivers only: GNSS receivers (GPS, Galileo, GLONASS), FM/DAB/DAB+ receivers, TV receivers.
  • Combined transceivers: all bidirectional communication equipment.

Out of scope:

  • equipment neither intentionally transmitting nor receiving radio waves (Ethernet cable, wired sensor);
  • military and defence equipment (Article 346 TFEU);
  • experimental and R&D equipment not commercialised;
  • evaluation kits strictly intended for integrator manufacturers (under certain conditions).

Four articles, four families of requirements

Section titled “Four articles, four families of requirements”

RED's regulatory architecture organises around four articles of essential requirements. Not all apply systematically, applicability depends on product type and, for article 3.3, on the delegated regulation that activates it.

ArticleSubjectMain harmonised standards
3.1(a)User health and safetyEN 50360 / 50566 / 62209 (SAR), EN 62311 (EMF)
3.1(b)Electromagnetic compatibilityEN 301 489-1 + -X (by radio type)
3.2Efficient use of spectrumBand-specific standard (EN 300 328, EN 301 893, EN 300 220...)
3.3(a)Interoperability between equipmentsNetwork specifications (3GPP, IEEE)
3.3(b)Network protectionNot yet activated
3.3(c)Proper use of spectrumNot yet activated
3.3(d)Protection of network functionsEN 18031-1 (since 2025)
3.3(e)Personal data protectionEN 18031-2 (since 2025)
3.3(f)Protection against fraudEN 18031-3 (since 2025)
3.3(g–i)Other (accessibility, e-call, etc.)Specific cases

Article 3.2 is most visible to engineers: it defines maximum transmit powers, spectral masks, mandatory protocols (DFS, TPC, LBT). Article 3.3 is the most recent and least mastered: its cybersecurity activation in August 2025 transformed the European IoT product landscape.

Cybersecurity since 1 August 2025

Section titled “Cybersecurity since 1 August 2025”

Delegated Regulation (EU) 2022/30 activated three sub-articles of article 3.3 for connected radio products:

  • 3.3(d), the equipment must not degrade the network it connects to, nor act as an attack relay (DDoS via compromised IoT, etc.).
  • 3.3(e), the equipment must protect user personal data (encryption of sensitive communications, access control, secret management).
  • 3.3(f), the equipment must prevent fraud (authentication of payments and transactions, financial data integrity).

Harmonised standards EN 18031-1, EN 18031-2 and EN 18031-3 were published in 2024 to cover each sub-article respectively. They introduce an assurance-level evaluation methodology (basic, substantial, high) reminiscent of Common Criteria schemes, adapted to consumer IoT constraints.

Affected products: nearly all connected radio products in the broad sense: Wi-Fi, BLE, cellular, LPWAN. A few notable exceptions: pure broadcasting equipment, certain professional equipment, toys not intended for under-14s.

For more, see RED Tests which details the EN 18031 evaluation methodology.

Conformity assessment modules

Section titled “Conformity assessment modules”

RED offers more modules than the EMC or LVD directives. The choice depends on the application of harmonised standards:

ModuleWhen to use?Third party required?
Module AHarmonised standards 3.1(a), 3.1(b), 3.2 fully appliedNo
Module A1A standard partially applied: NB assesses only the affected testsNB for specific tests
Module B + CHarmonised standards not applicable or not fully appliedNB for type examination
Module HManufacturer with audited ISO 9001-like quality systemNB for quality audit

For a standard Wi-Fi/BLE product applying harmonised standards EN 300 328 + EN 301 489-17 + EN 62368-1, Module A is the standard route. RED 3.3 cybersecurity is evaluated in parallel per EN 18031, without necessarily requiring a Notified Body if the standards are applied.

RED technical file structure

Section titled “RED technical file structure”

Annex V of RED 2014/53/EU lists the mandatory elements of the technical file:

  1. General description of the equipment
  2. Design and manufacturing drawings
  3. Description and explanations of drawings
  4. List of harmonised standards applied (in whole or in part)
  5. Justification where harmonised standards not applied
  6. Design calculation and examination results
  7. Test reports (internal and external)
  8. Signed copy of EU Declaration of Conformity
  9. Description of accessories, components and software enabling the equipment to operate: RED-specific
  10. For SDRs (software-defined radios): description of authorised hardware-software combinations

See Technical file for detailed expected contents.

Further reading

Section titled “Further reading”

Sources & references

  1. Directive 2014/53/EU, official text , EUR-Lex eur-lex.europa.eu/eli/dir/2014/53/oj
  2. Delegated Regulation (EU) 2022/30: RED 3.3 cybersecurity , EUR-Lex eur-lex.europa.eu/eli/reg_del/2022/30/oj
  3. ETSI: RED harmonised standards , ETSI www.etsi.org/standards
Edited by AESTECHNO, Montpellier, France · Legal notice