RED harmonised standards

Author Hugues Orgitello Last updated 25 May 2026

RED · Pillar

RED harmonised standards break down by article (3.1(a) safety, 3.1(b) EMC, 3.2 spectrum, 3.3 cybersecurity) and by radio type. This page lists the standards in force in 2026, their exact scope, and the method to verify their Official Journal publication, essential to benefit from the presumption of conformity.

RED standards architecture

The RED directive organises its standards into four families, one per essential-requirement article. A complete RED certification therefore typically cites 4 to 6 different harmonised standards, one per applicable article, sometimes with multiple parts.

Family	Scope	Generic standard	Specific standards
3.1(a) Safety	RF exposure, SAR	EN 62311	EN 50360, EN 50566, EN 62209-1/-2
3.1(b) Radio EMC	Radio emissions / immunity	EN 301 489-1	-3, -17, -19, -52, etc. (by type)
3.2 Spectrum	Efficient use of spectrum	(no generic standard)	EN 300 328, EN 301 893, EN 300 220, etc.
3.3 Cybersecurity	Network/data/fraud protection	(no generic standard)	EN 18031-1, EN 18031-2, EN 18031-3

For a typical Wi-Fi/BLE product, the set consists of:

EN 62311 for safety
EN 301 489-1 + EN 301 489-17 for radio EMC
EN 300 328 for 2.4 GHz spectrum
EN 18031-1 / -2 for cybersecurity (since August 2025)
EN 62368-1 for electrical safety (LVD)

So five standards plus the safety standard, a typical RED file cites 5 to 7 references.

Article 3.1(a): Health

For equipment worn within 20 cm of the body, the SAR test is required. The method depends on the equipment type:

Standard	Application
EN 50360	Mobile phones (head)
EN 50566	Equipment worn against body (trunk, hip)
EN 62209-1	General method for phones
EN 62209-2	Method for devices ≤ 100 g
EN 62209-3	Matrix (vector) method

For fixed or non-worn equipment (IP cameras, wall sensors), EN 62311 covers generic EMF exposure assessment near the user. The method is documentary in most cases: a power density or electric field calculation at use distances suffices.

European limits for public exposure:

Trunk/limb SAR: 4.0 W/kg (averaged over 10 g, 6 minutes)
Head SAR: 2.0 W/kg (averaged over 10 g, 6 minutes)
Power density above 6 GHz: 10 W/m²
Electric field 1-300 MHz: 28 V/m (reference)

These values derive from ICNIRP recommendations transposed by Council Recommendation 1999/519/EC. The 2020 ICNIRP update slightly modified values above 6 GHz to account for 5G millimetre frequencies.

Article 3.1(b): Radio electromagnetic compatibility

The EN 301 489 series covers radio equipment EMC. It comprises a generic part -1 and specific parts -X per radio type. The -1 + -X pair is mandatory for each product.

Generic part

EN 301 489-1 defines common requirements:

Covered frequency range (15 kHz to 6 GHz minimum, 30 MHz to 18 GHz for radio products)
Performance criteria during immunity tests
Emission measurement methodology
Product configuration in both transmit AND receive modes

Specific parts

Part	Application
-3	Short-range devices (SRD) ≤ 1 GHz: LoRa, Sigfox, Z-Wave, remote controls
-4	Fixed radio links at 1-90 GHz
-5	PMR trunking (Tetra, P25)
-9	Wireless microphones
-15	Amateur equipment
-17	Wi-Fi 2.4 / 5 / 6 GHz and Bluetooth
-19	GNSS receivers (GPS, Galileo)
-22	VDL aeronautical equipment
-31	Active medical implants
-34	Marine VHF equipment
-50	Cellular base stations
-52	Cellular user equipment (phones, modules)
-53	UWB

For a 4G/5G cellular module integrated in an IoT product, for example, the file typically cites EN 301 489-1 + EN 301 489-52 + EN 301 489-17 if the module also supports Wi-Fi.

Article 3.2: Efficient use of spectrum

The most visible RED standard family. For each frequency band and technology, a harmonised standard defines:

maximum transmission powers (EIRP),
spectral masks (bandwidth, out-of-band emissions),
mandatory protocols (DFS, TPC, LBT, AFA, AFH),
authorised operating modes.

Sub-1 GHz (short-range SRD)

Standard	Band	Main sub-bands
EN 300 220	25 MHz – 1 GHz	868 MHz (G1 to G4), 433 MHz, 169 MHz
EN 300 422	Wireless microphones	25 MHz – 3 GHz
EN 300 330	Inductive 9 kHz – 30 MHz	RFID 125 kHz, NFC 13.56 MHz
EN 300 113	PMR VHF/UHF	30 MHz – 1 GHz
EN 303 098	RFID 13.56 MHz cards	NFC, readers
EN 303 348	Smart meters 169 MHz	Wireless M-Bus

For the 868 MHz band (the most used for LoRa and Sigfox), sub-bands G1 to G4 have different power and duty cycle limits:

Sub-band	Frequency	Max EIRP	Duty cycle
G1	863.0 – 865.0 MHz	25 mW	0.1 %
G2	865.0 – 868.0 MHz	25 mW	1 %
G3 (most used)	868.0 – 868.6 MHz	25 mW	1 %
G3b	868.7 – 869.2 MHz	25 mW	0.1 %
G4	869.4 – 869.65 MHz	500 mW	10 %

LoRa typically uses G3; Sigfox too. Higher-power solutions (Z-Wave long range, certain meters) may migrate to G4 subject to respecting the 10 % duty cycle.

Wi-Fi/BLE 2.4 and 5 GHz bands

Standard	Band	Characteristics
EN 300 328	2.4 GHz (2400–2483.5 MHz)	EIRP 20 dBm, occupancy < 10 %/50 ms
EN 301 893	5 GHz (5150–5350, 5470–5725)	EIRP 23/30 dBm, DFS/TPC required
EN 303 687	6 GHz (5945–6425)	EIRP 23 dBm LPI (indoor), 14 dBm VLP (portable, indoor or outdoor)

EN 300 328 is the most widely used standard. It defines three access protocols:

Adaptive Frequency Hopping (AFH), for Bluetooth which hops between channels to avoid interference;
Listen Before Talk (LBT), channel-clear detection before transmission;
Adaptive Power Control (APC), dynamic power adjustment.

At least one of these protocols must be implemented to benefit from the presumption of conformity.

Cellular bands

Standard	Generation	Typical EU bands
EN 301 511	GSM 2G	B3 (1800), B8 (900)
EN 301 908-1	UMTS 3G	B1 (2100), B8 (900)
EN 301 908-13	LTE 4G	B1, B3, B7, B8, B20, B28
EN 301 908-25	5G NR	n1, n3, n7, n8, n20, n28, n78, n79

Cellular tests are the most expensive (€15,000–60,000) because they involve an RF anechoic chamber with a simulated base station and standardised 3GPP test suites.

Special bands

Standard	Application
EN 302 065	UWB 6-8.5 GHz, short-range applications
EN 302 208	UHF RFID 860-870 MHz (logistics, anti-theft)
EN 300 718	Avalanche transceivers 457 kHz
EN 303 213	Millimetre imagers 75-110 GHz (automotive radar)
EN 303 396	Receivers only (broadcasting and others)

Article 3.3: Cybersecurity (since August 2025)

The EN 18031 harmonised standards were published in 2024 to cover sub-articles 3.3(d), (e), (f). They are structured in three independent parts.

EN 18031-1: network protection (article 3.3(d))

Covers network protection against attacks originating from the equipment (botnets, amplified DDoS, malware propagation). Requirements:

Network authentication by the equipment before connection
Limitation of unsolicited outgoing connections
Anti-flood mechanisms for application protocols
Documented and signed security updates
Default disabling of unnecessary services
Security logs archived and usable

EN 18031-2: personal data protection (article 3.3(e))

Covers confidentiality and integrity of personal data processed by the equipment. Requirements:

Encryption of communications containing sensitive data (TLS 1.2+, AES, etc.)
Encrypted or inaccessible storage of secrets (keys, passwords)
Access control to sensitive functions
Secure erasure of data at end-of-life or reset
Documentation of collected data and processing
Update of cryptographic components against vulnerabilities

EN 18031-3: protection against fraud (article 3.3(f))

Covers integrity of financial transactions and payments. Requirements:

Strong authentication for any financial operation
Non-repudiation integrity of transactions
Protection against replays and manipulations
Audit trail of financial operations
Conformity to applicable payment standards (PCI DSS, EMV...)

Assurance levels

The three standards define three assurance levels (close to Common Criteria):

Basic, manufacturer-documented self-assessment
Substantial, independent third-party assessment
High, rigorous assessment + penetration testing

For a consumer IoT product, Basic or Substantial is generally applicable. Higher levels are reserved for sensitive products (financial transactions, critical infrastructure).

RED standards lifecycle

Like all harmonised standards, RED standards are published in the OJEU then evolve through amendments and revisions. Some points specific to RED:

ETSI standards (EN 3xx xxx) use V_x.y.z (YYYY-MM) notation rather than a simple date. Ex: EN 300 328 V2.2.2 (2019-07).
ETSI amendments are published as complete new versions, not as separate amendments.
The coexistence period of a new version is typically 18 to 24 months in the OJEU.

To verify the version in force, consult:

EUR-Lex: Commission communications in OJEU C series titled "Reference of harmonised standards for directive 2014/53/EU".
ETSI portal, each standard has a sheet with its history and status.
Single Market & Standards of the Commission, consolidated list by directive.

How to reference RED standards in the DoC

The DoC must cite the exact references in ETSI format:

EN 300 328 V2.2.2 (2019-07)
EN 301 489-1 V2.2.3 (2019-11)
EN 301 489-17 V3.2.4 (2020-09)
EN 62368-1:2020/A11:2020
EN 62311:2020
EN 18031-1:2024
EN 18031-2:2024

An imprecise reference ("EN 300 328" without version) is a classic ground for rejection. Always respect the format published in the OJEU.

In summary

A typical RED certification cites 5 to 7 harmonised standards (safety + EMC + spectrum + cybersecurity + electrical safety).
3.2 (spectrum) standards are the most visible; one standard is needed per band and per technology.
3.3 (cybersecurity) standards are the 2025 novelty and the least mastered subject in practice.
The ETSI V_x.y.z reference format must be respected to the letter.
OJEU watch is essential, standards evolve quickly, particularly for Wi-Fi 6E/7 and 5G.

For practical implementation, see Required tests and Procedure.

Sources & references

Consolidated list of RED harmonised standards , European Commission single-market-economy.ec.europa.eu/sectors/electrical-and-electronic-engineering-industries-eei/radio-equipment-directive-red_en
ETSI portal , ETSI www.etsi.org/standards
Delegated Regulation (EU) 2022/30 , EUR-Lex eur-lex.europa.eu/eli/reg_del/2022/30/oj