Skip to content

RED required tests (health, EMC, spectrum, cybersecurity)

RED · Pillar

RED tests cover four families per articles 3.1 to 3.3 of the directive. This page details each family, methods, equipment, limits, with particular focus on article 3.3 cybersecurity activated since August 2025, the least mastered subject in 2026.

Article 3.1(a): Health and safety (RF exposure)

Section titled “Article 3.1(a): Health and safety (RF exposure)”

EMF exposure limits are defined by Council Recommendation 1999/519/EC, based on ICNIRP guidelines. For the general public:

QuantityRangeReference value
Electric field1 MHz – 10 MHz87/√f V/m
Electric field10 MHz – 400 MHz28 V/m
Electric field400 MHz – 2 GHz1.375·√f V/m
Electric field2 GHz – 300 GHz61 V/m
Power density400 MHz – 2 GHzf/200 W/m²
Power density2 GHz – 300 GHz10 W/m²
Localised SAR head/trunk,2.0 W/kg (10 g, 6 min average)
Localised SAR limbs,4.0 W/kg (10 g, 6 min average)
Whole-body SAR,0.08 W/kg (mass average)

For products used within 20 cm of the body (phones, smart watches, certain wearable sensors), the SAR test is mandatory:

  1. Preparation: equipment fully charged, configured at maximum transmission.
  2. Phantom: anatomical model with liquid simulating tissues at the assessed frequency.
  3. Measurement: robotic dosimetric probe scanning the phantom, electric field measurement converted to SAR.
  4. Assessment: SAR averaged over 10 g, compared to limit.

Methods: EN 50360 (head), EN 50566 (body), EN 62209-1/-2/-3 (general).

Typical cost: €4,000 to €10,000 per tested configuration. For a multi-band phone, count 4 to 8 configurations.

For fixed or remotely installed equipment (IP cameras, routers, wall sensors), EN 62311 allows documentary assessment. Method:

  1. Calculation of power density at intended use distance.
  2. Calculation of corresponding electric field.
  3. Comparison with public limits.

For a Wi-Fi access point at 20 dBm EIRP, the field at 30 cm is typically 2-3 V/m, well below the authorised 28 V/m. The assessment takes the form of a technical report included in the file; no physical laboratory measurement required.

Article 3.1(b): Radio electromagnetic compatibility

Section titled “Article 3.1(b): Radio electromagnetic compatibility”

The EN 301 489 series defines EMC tests specific to radio equipment. Particularities versus generic EMC:

  • Tests in active transmission AND reception (two distinct configurations).
  • Degraded performance criterion during immunity (temporary communication loss accepted for non-critical radios).
  • Extended frequency range: EMC emissions measured above 1 GHz per the EN 55032 internal-frequency rules (typically up to 6 GHz); radio spurious emissions go further still under the article 3.2 standards (into the tens of GHz for 5 and 6 GHz radios).
PhenomenonMethodTypical limit
Conducted emissions (mains)LISN + analyser 150 kHz – 30 MHzClass B
Radiated emissions (enclosure)Antenna 30 MHz – 6 GHzClass B with used-band exemptions
Transmitter spurious emissionsExtended spectrum measurementPer-band limits EN 301 489-X
PhenomenonLevelTypical criterion
ESD ± 8 kV contact / ± 15 kV airEN 61000-4-2B (auto-recovery)
Radiated RF 3 V/mEN 61000-4-3A in reception, B in transmission
EFT ± 2 kVEN 61000-4-4B
Surge ± 2 kV / ± 4 kVEN 61000-4-5B
Conducted RF 3 VEN 61000-4-6A/B

Typical radio EMC campaign cost: €5,000 to €15,000.

The most visible test family. For each band and technology, the harmonised standard defines strict limits.

ParameterLimit
Maximum EIRP20 dBm (100 mW)
Spectral density10 dBm / MHz
Medium Utilisation (non-adaptive)≤ 10 %
Access mechanismAdaptivity (LBT / adaptive frequency hopping) or MU limit
Out-of-band emissions-10 dBm/MHz beyond band edges
Spurious-36 dBm below 1 GHz, -30 dBm above

Tests: EIRP measurement, spectral mask, occupancy duration, interference behaviour. Typical cost: €6,000 to €15,000.

Two main sub-bands:

  • 5150-5350 MHz: EIRP 23 dBm (200 mW), DFS and TPC required in the 5250-5350 MHz portion.
  • 5470-5725 MHz: EIRP 30 dBm (1 W), DFS mandatory to avoid weather radars.

Tests: EIRP, mask, DFS (radar detection and channel switching), TPC (dynamic power control).

Sub-bands G1 to G4 with different limits (see RED standards). For sub-band G3 (868-868.6 MHz, the most used for LoRa):

  • EIRP 25 mW
  • Duty cycle 1 %
  • Out-of-band emissions per mask

Cellular tests are the most expensive because they use simulated base stations and require conformity to 3GPP test suites. Typical bands in Europe:

  • 2G: 900 MHz (B8), 1800 MHz (B3)
  • 3G: 2100 MHz (B1), 900 MHz (B8)
  • 4G LTE: B1, B3, B7, B8, B20, B28
  • 5G NR: n1, n3, n7, n8, n20, n28, n78, n79

Cost of a complete LTE/5G campaign: €15,000 to €60,000 depending on band count.

All article 3.2 tests are performed in a calibrated RF anechoic chamber:

  • Measurement distance: 3 m typical for low bands, shorter for high bands.
  • Measurement antenna calibrated for the range used.
  • Rotating platform for azimuth measurement.
  • Adjustable antenna mast for elevation measurement.

Labs accredited ISO/IEC 17025 with RED article 3.2 scope can be counted on one hand per country (TÜV, DEKRA, Bureau Veritas, INTERTEK, NCC, CETECOM, 7Layers in Europe).

Article 3.3: Cybersecurity (since August 2025)

Section titled “Article 3.3: Cybersecurity (since August 2025)”

The EN 18031 standards do not define assurance levels (basic / substantial / high belong to the Cybersecurity Act framework). They introduce a decision-tree methodology assessed pass or fail:

  • Decision trees per requirement determine whether it applies to the product.
  • Each applicable security mechanism gets a conceptual assessment (documented justification) plus functional completeness and functional sufficiency assessments.
  • Self-assessment (module A) is possible when the standards are applied in full and no OJEU-citation restriction of Implementing Decision (EU) 2025/138 is triggered (no-password clauses, parental controls for toys and childcare in EN 18031-2, secure updates for financial assets in EN 18031-3); otherwise a Notified Body is required (module B + C).

The assessment always follows 6 steps:

  1. Security architecture analysis, component diagram, data flows, trust boundaries.
  2. Risk identification, threats, vulnerabilities, impacts.
  3. Control inventory, authentication, encryption, logging mechanisms, etc.
  4. Implementation verification, code review, functional tests, configuration audit.
  5. Robustness tests, negative tests, fuzzing, attack scenarios (where the mechanisms warrant them).
  6. Documentation and conclusion, assessment report, maintenance plan.

Covers network protection against attacks originating from the equipment. Evaluated controls:

  • Equipment authentication with the network (certificates, pre-shared keys)
  • Limitation of unsolicited outgoing connections
  • Identity spoofing protection
  • Documented, signed, verifiable security updates
  • Default disabling of unnecessary services
  • Logging of security events
  • User documentation on lifecycle management

Assessment method: network architecture review, authentication tests, update channel verification.

EN 18031-2: personal data protection (3.3(e))

Section titled “EN 18031-2: personal data protection (3.3(e))”

Covers confidentiality and integrity of data. Evaluated controls:

  • Communication encryption of sensitive data: TLS 1.2+ recommended, AES-128 minimum for payload, perfect forward secrecy
  • Encrypted secret storage: keys, passwords, tokens
  • Authentication management: strong default passwords, MFA for sensitive functions
  • Secure erasure on reset or end-of-life
  • Collected data documentation (type, purpose, retention period)
  • Cryptographic update: obsolete algorithms disablable

Method: data flow analysis, encryption verification, erasure tests.

EN 18031-3: protection against fraud (3.3(f))

Section titled “EN 18031-3: protection against fraud (3.3(f))”

Covers integrity of financial transactions. Evaluated controls:

  • Strong authentication for financial operations
  • Integrity and non-repudiation of transactions
  • Replay protection (nonces, signed timestamps)
  • Audit trail of operations
  • Conformity with PCI DSS / EMV / 3DS standards as applicable

Method: transaction protocol review, manipulation tests, audit trail verification.

Conformity routeTypical costTiming
Self-assessment (module A)€0 (internal) to €8,000 (external assistance)4-8 weeks
Accredited third-party lab campaign€15,000 – €40,0008-16 weeks
Notified Body route with security testing€40,000 – €100,000+16-24 weeks

Cybersecurity RED-specialised labs remain rare in 2026; only a small number of entities in Europe hold an EN 18031 accreditation scope. CETECOM, Element, INTERTEK and SGS were among the first to position themselves.

As for other directives, the effective strategy is internal pre-testing to clear gross issues, then external lab validation.

FamilyInternal pre-test possible?Conditions
Conducted emissionsYesSpectrum analyser + LISN
Radiated emissionsDifficultSemi-anechoic chamber or partial tests
ESD immunityYesCalibrated ESD gun
Radiated RF immunityNoChamber + amplifier
Article 3.2 (spectrum)PartialConducted EIRP measurement possible, radiated not
SARNoSpecialised robotic system
EN 18031 cybersecurityYes (self-assessment)Architecture review, automated scan
3GPP cellularNoSimulated base station required

For an IoT Wi-Fi/BLE + LoRa product with self-assessed 3.3 cybersecurity:

Week 1-2 : Internal pre-tests (EMC, radio EIRP, electrical safety)
Week 3-4 : Design fixes
Week 5 : Shipment to external lab
Week 6 : EMC and radio tests (5 days)
Week 7 : LVD safety tests (3 days)
Week 8 : EN 18031-1/-2 assessment (5 days)
Week 9 : Preliminary report reception
Week 10 : Fixes + retests if needed
Week 11 : Signed final reports
Week 12 : File assembly + DoC

Total: 12 weeks for a standard product, excluding major retests.

CampaignRange (excl. VAT)
SAR (per configuration)€4,000 – €10,000
Radio EMC (EN 301 489 + EN 301 489-X)€5,000 – €15,000
Wi-Fi 2.4 GHz (EN 300 328)€6,000 – €15,000
Wi-Fi 5 GHz (EN 301 893)€8,000 – €18,000
Sub-GHz 868 MHz (EN 300 220)€4,000 – €10,000
Complete cellular LTE/5G€15,000 – €60,000
LVD safety (EN 62368-1)€5,000 – €15,000
Cybersecurity self-assessed (EN 18031)€0 – €8,000
Cybersecurity third-party lab€15,000 – €40,000
Cybersecurity Notified Body route + pentest€40,000 – €100,000

A complete RED certification of a Wi-Fi/BLE IoT product with self-assessed cybersecurity is typically between €25,000 and €60,000. A cellular product with third-party cybersecurity assessment easily reaches €100,000 to €150,000.

Sources & references

  1. Council Recommendation 1999/519/EC, public EMF exposure limits , EU Council eur-lex.europa.eu/eli/reco/1999/519/oj
  2. ICNIRP Guidelines 2020 , ICNIRP www.icnirp.org/
  3. EN 18031 series: Cybersecurity for radio equipment , CENELEC www.cenelec.eu/