RED required tests (health, EMC, spectrum, cybersecurity)

Author Hugues Orgitello Last updated 25 May 2026

RED · Pillar

RED tests cover four families per articles 3.1 to 3.3 of the directive. This page details each family, methods, equipment, limits, with particular focus on article 3.3 cybersecurity activated since August 2025, the least mastered subject in 2026.

Article 3.1(a): Health and safety (RF exposure)

European limits

EMF exposure limits are defined by Council Recommendation 1999/519/EC, based on ICNIRP guidelines. For the general public:

Quantity	Range	Reference value
Electric field	100 kHz – 10 MHz	87/√f V/m
Electric field	10 MHz – 400 MHz	28 V/m
Electric field	400 MHz – 2 GHz	1.375·√f V/m
Electric field	2 GHz – 300 GHz	61 V/m
Power density	10 MHz – 300 GHz	f/200 W/m² (max 10 W/m²)
Localised SAR head/trunk	,	2.0 W/kg (10 g, 6 min average)
Localised SAR limbs	,	4.0 W/kg (10 g, 6 min average)
Whole-body SAR	,	0.08 W/kg (mass average)

SAR method for worn equipment

For products used within 20 cm of the body (phones, smart watches, certain wearable sensors), the SAR test is mandatory:

Preparation: equipment fully charged, configured at maximum transmission.
Phantom: anatomical model with liquid simulating tissues at the assessed frequency.
Measurement: robotic dosimetric probe scanning the phantom, electric field measurement converted to SAR.
Assessment: SAR averaged over 10 g, compared to limit.

Methods: EN 50360 (head), EN 50566 (body), EN 62209-1/-2/-3 (general).

Typical cost: €4,000 to €10,000 per tested configuration. For a multi-band phone, count 4 to 8 configurations.

Fixed or non-worn equipment

For fixed or remotely installed equipment (IP cameras, routers, wall sensors), EN 62311 allows documentary assessment. Method:

Calculation of power density at intended use distance.
Calculation of corresponding electric field.
Comparison with public limits.

For a Wi-Fi access point at 20 dBm EIRP, the field at 30 cm is typically 2-3 V/m, well below the authorised 28 V/m. The assessment takes the form of a technical report included in the file; no physical laboratory measurement required.

Article 3.1(b): Radio electromagnetic compatibility

The EN 301 489 series defines EMC tests specific to radio equipment. Particularities versus generic EMC:

Tests in active transmission AND reception (two distinct configurations).
Degraded performance criterion during immunity (temporary communication loss accepted for non-critical radios).
Extended frequency range: 30 MHz to 18 GHz for radio products (instead of 30 MHz – 1 GHz in classic EMC).

Radio emissions (article 3.1(b))

Phenomenon	Method	Typical limit
Conducted emissions (mains)	LISN + analyser 150 kHz – 30 MHz	Class B
Radiated emissions (enclosure)	Antenna 30 MHz – 6 GHz	Class B with used-band exemptions
Transmitter spurious emissions	Extended spectrum measurement	Per-band limits EN 301 489-X

Radio immunity

Phenomenon	Level	Typical criterion
ESD ± 8 kV contact / ± 15 kV air	EN 61000-4-2	B (auto-recovery)
Radiated RF 3 V/m	EN 61000-4-3	A in reception, B in transmission
EFT ± 2 kV	EN 61000-4-4	B
Surge ± 2 kV / ± 4 kV	EN 61000-4-5	B
Conducted RF 3 V	EN 61000-4-6	A/B

Typical radio EMC campaign cost: €5,000 to €15,000.

Article 3.2: Efficient use of spectrum

The most visible test family. For each band and technology, the harmonised standard defines strict limits.

Wi-Fi 2.4 GHz: EN 300 328

Parameter	Limit
Maximum EIRP	20 dBm (100 mW)
Spectral density	10 dBm / MHz
Spectral occupancy	< 10 % per 50 ms period
Access mechanism	AFH, LBT or APC required
Out-of-band emissions	-10 dBm/MHz beyond limits
Spurious	< -40 dBm typical

Tests: EIRP measurement, spectral mask, occupancy duration, interference behaviour. Typical cost: €6,000 to €15,000.

Wi-Fi 5 GHz: EN 301 893

Two main sub-bands:

5150-5350 MHz: EIRP 23 dBm (200 mW), TPC mandatory above 20 dBm.
5470-5725 MHz: EIRP 30 dBm (1 W), DFS mandatory to avoid weather radars.

Tests: EIRP, mask, DFS (radar detection and channel switching), TPC (dynamic power control).

Sub-GHz 868 MHz: EN 300 220

Sub-bands G1 to G4 with different limits (see RED standards). For sub-band G3 (868-868.6 MHz, the most used for LoRa):

EIRP 25 mW
Duty cycle 1 %
Out-of-band emissions per mask

Cellular 2G/3G/4G/5G

Cellular tests are the most expensive because they use simulated base stations and require conformity to 3GPP test suites. Typical bands in Europe:

2G: 900 MHz (B8), 1800 MHz (B3)
3G: 2100 MHz (B1), 900 MHz (B8)
4G LTE: B1, B3, B7, B8, B20, B28
5G NR: n1, n3, n7, n8, n20, n28, n78, n79

Cost of a complete LTE/5G campaign: €15,000 to €60,000 depending on band count.

Measurements in RF anechoic chamber

All article 3.2 tests are performed in a calibrated RF anechoic chamber:

Measurement distance: 3 m typical for low bands, shorter for high bands.
Measurement antenna calibrated for the range used.
Rotating platform for azimuth measurement.
Adjustable antenna mast for elevation measurement.

Labs accredited ISO/IEC 17025 with RED article 3.2 scope can be counted on one hand per country (TÜV, DEKRA, Bureau Veritas, INTERTEK, NCC, CETECOM, 7Layers in Europe).

Article 3.3: Cybersecurity (since August 2025)

Assessment logic

The EN 18031 standards introduce a methodology of evaluation by assurance levels inspired by Common Criteria:

Basic, manufacturer-documented self-assessment, level expected for most consumer IoT products.
Substantial, independent third-party assessment, level expected for products handling sensitive data.
High, rigorous assessment with penetration testing, level expected for critical products.

The assessment always follows 6 steps:

Security architecture analysis, component diagram, data flows, trust boundaries.
Risk identification, threats, vulnerabilities, impacts.
Control inventory, authentication, encryption, logging mechanisms, etc.
Implementation verification, code review, functional tests, configuration audit.
Robustness tests, negative tests, fuzzing, attack scenarios (per level).
Documentation and conclusion, assessment report, maintenance plan.

EN 18031-1: network protection (3.3(d))

Covers network protection against attacks originating from the equipment. Evaluated controls:

Equipment authentication with the network (certificates, pre-shared keys)
Limitation of unsolicited outgoing connections
Identity spoofing protection
Documented, signed, verifiable security updates
Default disabling of unnecessary services
Logging of security events
User documentation on lifecycle management

Assessment method: network architecture review, authentication tests, update channel verification.

EN 18031-2: personal data protection (3.3(e))

Covers confidentiality and integrity of data. Evaluated controls:

Communication encryption of sensitive data: TLS 1.2+ recommended, AES-128 minimum for payload, perfect forward secrecy
Encrypted secret storage: keys, passwords, tokens
Authentication management: strong default passwords, MFA for sensitive functions
Secure erasure on reset or end-of-life
Collected data documentation (type, purpose, retention period)
Cryptographic update: obsolete algorithms disablable

Method: data flow analysis, encryption verification, erasure tests.

EN 18031-3: protection against fraud (3.3(f))

Covers integrity of financial transactions. Evaluated controls:

Strong authentication for financial operations
Integrity and non-repudiation of transactions
Replay protection (nonces, signed timestamps)
Audit trail of operations
Conformity with PCI DSS / EMV / 3DS standards as applicable

Method: transaction protocol review, manipulation tests, audit trail verification.

Cybersecurity costs and timing

Level	Typical cost	Timing
Basic (self-assessment)	€0 (internal) to €8,000 (external assistance)	4-8 weeks
Substantial (third party)	€15,000 – €40,000	8-16 weeks
High (with pentest)	€40,000 – €100,000+	16-24 weeks

Cybersecurity RED-specialised labs are rare in 2026, fewer than 10 entities in Europe hold an EN 18031 accreditation scope. CETECOM, Element, INTERTEK and SGS were first to position themselves.

Internal pre-tests vs external lab

As for other directives, the effective strategy is internal pre-testing to clear gross issues, then external lab validation.

Family	Internal pre-test possible?	Conditions
Conducted emissions	Yes	Spectrum analyser + LISN
Radiated emissions	Difficult	Semi-anechoic chamber or partial tests
ESD immunity	Yes	Calibrated ESD gun
Radiated RF immunity	No	Chamber + amplifier
Article 3.2 (spectrum)	Partial	Conducted EIRP measurement possible, radiated not
SAR	No	Specialised robotic system
EN 18031 cybersecurity	Yes (basic)	Architecture review, automated scan
3GPP cellular	No	Simulated base station required

Typical RED campaign plan

For an IoT Wi-Fi/BLE + LoRa + 3.3 basic cybersecurity product:

Week 1-2 : Internal pre-tests (EMC, radio EIRP, electrical safety)
Week 3-4 : Design fixes
Week 5   : Shipment to external lab
Week 6   : EMC and radio tests (5 days)
Week 7   : LVD safety tests (3 days)
Week 8   : EN 18031-1/-2 basic level assessment (5 days)
Week 9   : Preliminary report reception
Week 10  : Fixes + retests if needed
Week 11  : Signed final reports
Week 12  : File assembly + DoC

Total: 12 weeks for a standard product, excluding major retests.

Indicative costs

Campaign	Range (excl. VAT)
SAR (per configuration)	€4,000 – €10,000
Radio EMC (EN 301 489 + EN 301 489-X)	€5,000 – €15,000
Wi-Fi 2.4 GHz (EN 300 328)	€6,000 – €15,000
Wi-Fi 5 GHz (EN 301 893)	€8,000 – €18,000
Sub-GHz 868 MHz (EN 300 220)	€4,000 – €10,000
Complete cellular LTE/5G	€15,000 – €60,000
LVD safety (EN 62368-1)	€5,000 – €15,000
Cybersecurity basic (EN 18031)	€0 – €8,000
Cybersecurity substantial	€15,000 – €40,000
Cybersecurity high + pentest	€40,000 – €100,000

A complete RED certification of a Wi-Fi/BLE + basic cybersecurity IoT product is typically between €25,000 and €60,000. A cellular product with substantial cybersecurity easily reaches €100,000 to €150,000.