RED Directive, frequently asked questions
Twenty questions that come up in virtually every RED project, phrased as they are asked in project meetings, with answers you can use without circumlocution. Organised into six themes: scope, certified modules, 2025 cybersecurity, post-market modifications, Notified Bodies, non-EU markets.
Scope and applicability
What's the difference between RED and EMC?
The EMC Directive 2014/30/EU covers non-radio electronic equipment. RED 2014/53/EU covers equipment that intentionally transmits or receives radio waves. For a radio product, RED applies: EMC is integrated into RED article 3.1(b). The same product does not fall under both directives simultaneously for EMC.
My product only sends data via Wi-Fi, does RED apply?
Yes. Any intentional radio transmission activates RED, regardless of protocol or use. Even if the radio serves only telemetry or OTA updates, RED applies. This is the number one error in IoT projects.
Is a GPS-only receiver covered by RED?
Yes. Any intentional radio receiver is covered by RED. For pure receivers, article 3.2 does not apply (no transmission to regulate) but articles 3.1(a) safety, 3.1(b) EMC, and 3.3 cybersecurity remain applicable.
Does RED apply to marine products?
No. Marine equipment covered by Directive 2014/90/EU falls outside RED. It is governed by a specific regime with "ship wheel" marking.
My product is only for professional use, does RED apply?
Yes. RED applies regardless of B2C or B2B status. The only possible effect of professional use is on the EMC emission class (industrial vs residential); article 3.2 radio and 3.3 cybersecurity requirements remain identical.
Radio modules and antennas
Does my CE-certified Wi-Fi module exempt me from RED marking the final product?
No. The module's CE marking covers the module in isolation. Once integrated, the final product must be reassessed. Radio tests can be partially reused only if integration conditions (antenna, power supply, ground plane) are strictly identical to those tested by the module manufacturer.
What happens if I change antenna after certification?
An antenna modification triggers article 3.2 reassessment (efficient use of spectrum) and often article 3.1(b) (radio EMC). Radio tests must be redone in the new configuration and the DoC updated.
My product uses a radio module certified only in the US, can I sell it in Europe?
No. US FCC certifications are not recognised in Europe. The product must obtain distinct CE marking per RED, with specific European tests (standards such as EN 300 328, EN 301 893, etc.) that differ from FCC Part 15 tests.
How does RED work for a multi-radio product?
Each radio is individually assessed per its article 3.2 harmonised standard. EMC article 3.1(b) tests must be done in combined mode with all radios active, to assess intermodulations. The DoC may cover the set of radios or be split into separate DoCs.
3.3 Cybersecurity (since August 2025)
What changed for cybersecurity since August 2025?
Delegated Regulation (EU) 2022/30 activated sub-articles 3.3(d), 3.3(e) and 3.3(f) of RED for connected radio products. Standards EN 18031-1/2/3 published in 2024 cover these requirements. Any radio product placed on the market from 1 August 2025 must demonstrate compliance with 3.3.
Which assurance levels for 3.3 cybersecurity?
EN 18031 defines three levels: basic (self-assessment), substantial (third-party assessment) and high (rigorous assessment with penetration testing). For consumer IoT products, the basic level is generally applicable. Products handling sensitive data or payments may require substantial or high.
What happens if a cybersecurity vulnerability is discovered after placing on the market?
RED 3.3 implies the obligation to maintain product security. The manufacturer must (1) assess the vulnerability impact, (2) deploy a patch if needed via signed OTA, (3) communicate to users and authorities if impact is significant. The vulnerability management procedure must appear in the technical file.
Costs, timing, assessment modules
How much does a complete RED certification cost?
For an IoT Wi-Fi/BLE + LoRa + basic cybersecurity product, budget €25,000 to €60,000 ex-VAT for first certification. For an LTE/5G cellular product with substantial cybersecurity, the budget can reach €100,000 to €150,000.
How long for a RED certification?
3 to 6 months for a standard IoT product. For a cellular product with Notified Body and EU type examination (module B+C), expect 6 to 9 months.
Do I need a Notified Body for RED?
No for module A (standard case with harmonised standards applied). Yes for module A1 if a standard is partially applied, or for B+C if a standard is not applied at all. Yes also for 3.3 cybersecurity at substantial or high assurance level.
My product uses a band not covered by a harmonised standard, what to do?
Two options. (1) Module A1: apply a partial generic standard and have specific tests validated by a Notified Body. (2) Module B+C: complete EU type examination by a Notified Body, recommended if multiple aspects are uncovered.
Modifications and SDR
Does an OTA firmware update trigger a new certification?
If the update modifies a radio parameter covered by tests (power, modulation, band, duty cycle), yes, a new article 3.2 assessment and DoC update are needed. If the update is purely functional with no radio impact, no.
How to document an SDR product?
The technical file must include:
- The matrix of authorised hardware-firmware combinations
- The description of protection mechanisms against unauthorised configurations (firmware signature, band lock-down)
- The signed and traced update procedure
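A release gate that applies the two answers above (OTA updates that touch tested radio parameters, and the SDR hardware-firmware matrix with band lock-down) to a candidate firmware manifest. It is an added example, not text from the directive or code from any vendor tool. The hardware revisions, parameter names, values and decision labels are constructed assumptions, and firmware signature verification is not covered by this block.

```python
# Added example: release gate for OTA firmware on a radio/SDR product.
# Every name and value below is constructed for illustration.

# Radio parameters the FAQ names as covered by article 3.2 tests.
RADIO_KEYS = ("max_power_dbm", "modulation", "bands_mhz", "duty_cycle_pct")

# Constructed baseline: radio configuration as tested, per hardware revision.
# The tested bands double as the band lock-down for that hardware.
CERTIFIED = {
    "hw-A": {"max_power_dbm": 14, "modulation": "LoRa",
             "bands_mhz": [(863.0, 870.0)], "duty_cycle_pct": 1.0},
}

# Constructed matrix of authorised hardware-firmware combinations.
MATRIX = {("hw-A", "1.0.0"), ("hw-A", "1.1.0")}


def bands_within_lock(candidate_bands, locked_bands):
    """Band lock-down: every candidate band must sit inside a locked band."""
    return all(
        any(lo >= l_lo and hi <= l_hi for l_lo, l_hi in locked_bands)
        for lo, hi in candidate_bands
    )


def classify_update(hw_rev, fw_version, radio):
    """Return (decision, detail) for a candidate OTA image's manifest."""
    baseline = CERTIFIED.get(hw_rev)
    if baseline is None:
        return "block", ["hardware revision has no assessed configuration"]
    # Normalise bands so manifests parsed from JSON (lists) compare equal.
    radio = dict(radio, bands_mhz=[tuple(b) for b in radio["bands_mhz"]])
    if not bands_within_lock(radio["bands_mhz"], baseline["bands_mhz"]):
        return "block", ["bands_mhz outside the locked-down bands"]
    changed = [k for k in RADIO_KEYS if radio.get(k) != baseline[k]]
    if changed:
        # A tested radio parameter moved: new 3.2 assessment and DoC update.
        return "reassess", changed
    if (hw_rev, fw_version) not in MATRIX:
        # Assumption: a functional-only release still has to be added to
        # the matrix kept in the technical file before it ships.
        return "update-matrix", [f"{hw_rev}/{fw_version}"]
    return "release", []
```
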
How long must I retain the RED file?
10 years from the placing on the market of the last unit produced. For an SDR product, also retain all distributed firmware versions during this period, and update logs for traceability.
Non-EU markets
Does RED apply in the United Kingdom?
No. Since Brexit, Great Britain applies its own regime (UKCA + RED equivalent). The CE radio marking recognition period has been extended several times and some categories obtained indefinite recognition in 2023. Northern Ireland remains under CE/RED regime via the Northern Ireland Protocol.
Sources & references
- Directive 2014/53/EU, official text, EUR-Lex: eur-lex.europa.eu/eli/dir/2014/53/oj
- Delegated Regulation (EU) 2022/30, EUR-Lex: eur-lex.europa.eu/eli/reg_del/2022/30/oj