RED required tests (health, EMC, spectrum, cybersecurity)
RED · Pillar
RED tests cover four families per articles 3.1 to 3.3 of the directive. This page details each family, methods, equipment, limits, with particular focus on article 3.3 cybersecurity activated since August 2025, the least mastered subject in 2026.
Article 3.1(a): Health and safety (RF exposure)
Section titled “Article 3.1(a): Health and safety (RF exposure)”European limits
Section titled “European limits”EMF exposure limits are defined by Council Recommendation 1999/519/EC, based on ICNIRP guidelines. For the general public:
| Quantity | Range | Reference value |
|---|---|---|
| Electric field | 1 MHz – 10 MHz | 87/√f V/m |
| Electric field | 10 MHz – 400 MHz | 28 V/m |
| Electric field | 400 MHz – 2 GHz | 1.375·√f V/m |
| Electric field | 2 GHz – 300 GHz | 61 V/m |
| Power density | 400 MHz – 2 GHz | f/200 W/m² |
| Power density | 2 GHz – 300 GHz | 10 W/m² |
| Localised SAR head/trunk | , | 2.0 W/kg (10 g, 6 min average) |
| Localised SAR limbs | , | 4.0 W/kg (10 g, 6 min average) |
| Whole-body SAR | , | 0.08 W/kg (mass average) |
SAR method for worn equipment
Section titled “SAR method for worn equipment”For products used within 20 cm of the body (phones, smart watches, certain wearable sensors), the SAR test is mandatory:
- Preparation: equipment fully charged, configured at maximum transmission.
- Phantom: anatomical model with liquid simulating tissues at the assessed frequency.
- Measurement: robotic dosimetric probe scanning the phantom, electric field measurement converted to SAR.
- Assessment: SAR averaged over 10 g, compared to limit.
Methods: EN 50360 (head), EN 50566 (body), EN 62209-1/-2/-3 (general).
Typical cost: €4,000 to €10,000 per tested configuration. For a multi-band phone, count 4 to 8 configurations.
Fixed or non-worn equipment
Section titled “Fixed or non-worn equipment”For fixed or remotely installed equipment (IP cameras, routers, wall sensors), EN 62311 allows documentary assessment. Method:
- Calculation of power density at intended use distance.
- Calculation of corresponding electric field.
- Comparison with public limits.
For a Wi-Fi access point at 20 dBm EIRP, the field at 30 cm is typically 2-3 V/m, well below the authorised 28 V/m. The assessment takes the form of a technical report included in the file; no physical laboratory measurement required.
Article 3.1(b): Radio electromagnetic compatibility
Section titled “Article 3.1(b): Radio electromagnetic compatibility”The EN 301 489 series defines EMC tests specific to radio equipment. Particularities versus generic EMC:
- Tests in active transmission AND reception (two distinct configurations).
- Degraded performance criterion during immunity (temporary communication loss accepted for non-critical radios).
- Extended frequency range: EMC emissions measured above 1 GHz per the EN 55032 internal-frequency rules (typically up to 6 GHz); radio spurious emissions go further still under the article 3.2 standards (into the tens of GHz for 5 and 6 GHz radios).
Radio emissions (article 3.1(b))
Section titled “Radio emissions (article 3.1(b))”| Phenomenon | Method | Typical limit |
|---|---|---|
| Conducted emissions (mains) | LISN + analyser 150 kHz – 30 MHz | Class B |
| Radiated emissions (enclosure) | Antenna 30 MHz – 6 GHz | Class B with used-band exemptions |
| Transmitter spurious emissions | Extended spectrum measurement | Per-band limits EN 301 489-X |
Radio immunity
Section titled “Radio immunity”| Phenomenon | Level | Typical criterion |
|---|---|---|
| ESD ± 8 kV contact / ± 15 kV air | EN 61000-4-2 | B (auto-recovery) |
| Radiated RF 3 V/m | EN 61000-4-3 | A in reception, B in transmission |
| EFT ± 2 kV | EN 61000-4-4 | B |
| Surge ± 2 kV / ± 4 kV | EN 61000-4-5 | B |
| Conducted RF 3 V | EN 61000-4-6 | A/B |
Typical radio EMC campaign cost: €5,000 to €15,000.
Article 3.2: Efficient use of spectrum
Section titled “Article 3.2: Efficient use of spectrum”The most visible test family. For each band and technology, the harmonised standard defines strict limits.
Wi-Fi 2.4 GHz: EN 300 328
Section titled “Wi-Fi 2.4 GHz: EN 300 328”| Parameter | Limit |
|---|---|
| Maximum EIRP | 20 dBm (100 mW) |
| Spectral density | 10 dBm / MHz |
| Medium Utilisation (non-adaptive) | ≤ 10 % |
| Access mechanism | Adaptivity (LBT / adaptive frequency hopping) or MU limit |
| Out-of-band emissions | -10 dBm/MHz beyond band edges |
| Spurious | -36 dBm below 1 GHz, -30 dBm above |
Tests: EIRP measurement, spectral mask, occupancy duration, interference behaviour. Typical cost: €6,000 to €15,000.
Wi-Fi 5 GHz: EN 301 893
Section titled “Wi-Fi 5 GHz: EN 301 893”Two main sub-bands:
- 5150-5350 MHz: EIRP 23 dBm (200 mW), DFS and TPC required in the 5250-5350 MHz portion.
- 5470-5725 MHz: EIRP 30 dBm (1 W), DFS mandatory to avoid weather radars.
Tests: EIRP, mask, DFS (radar detection and channel switching), TPC (dynamic power control).
Sub-GHz 868 MHz: EN 300 220
Section titled “Sub-GHz 868 MHz: EN 300 220”Sub-bands G1 to G4 with different limits (see RED standards). For sub-band G3 (868-868.6 MHz, the most used for LoRa):
- EIRP 25 mW
- Duty cycle 1 %
- Out-of-band emissions per mask
Cellular 2G/3G/4G/5G
Section titled “Cellular 2G/3G/4G/5G”Cellular tests are the most expensive because they use simulated base stations and require conformity to 3GPP test suites. Typical bands in Europe:
- 2G: 900 MHz (B8), 1800 MHz (B3)
- 3G: 2100 MHz (B1), 900 MHz (B8)
- 4G LTE: B1, B3, B7, B8, B20, B28
- 5G NR: n1, n3, n7, n8, n20, n28, n78, n79
Cost of a complete LTE/5G campaign: €15,000 to €60,000 depending on band count.
Measurements in RF anechoic chamber
Section titled “Measurements in RF anechoic chamber”All article 3.2 tests are performed in a calibrated RF anechoic chamber:
- Measurement distance: 3 m typical for low bands, shorter for high bands.
- Measurement antenna calibrated for the range used.
- Rotating platform for azimuth measurement.
- Adjustable antenna mast for elevation measurement.
Labs accredited ISO/IEC 17025 with RED article 3.2 scope can be counted on one hand per country (TÜV, DEKRA, Bureau Veritas, INTERTEK, NCC, CETECOM, 7Layers in Europe).
Article 3.3: Cybersecurity (since August 2025)
Section titled “Article 3.3: Cybersecurity (since August 2025)”Assessment logic
Section titled “Assessment logic”The EN 18031 standards do not define assurance levels (basic / substantial / high belong to the Cybersecurity Act framework). They introduce a decision-tree methodology assessed pass or fail:
- Decision trees per requirement determine whether it applies to the product.
- Each applicable security mechanism gets a conceptual assessment (documented justification) plus functional completeness and functional sufficiency assessments.
- Self-assessment (module A) is possible when the standards are applied in full and no OJEU-citation restriction of Implementing Decision (EU) 2025/138 is triggered (no-password clauses, parental controls for toys and childcare in EN 18031-2, secure updates for financial assets in EN 18031-3); otherwise a Notified Body is required (module B + C).
The assessment always follows 6 steps:
- Security architecture analysis, component diagram, data flows, trust boundaries.
- Risk identification, threats, vulnerabilities, impacts.
- Control inventory, authentication, encryption, logging mechanisms, etc.
- Implementation verification, code review, functional tests, configuration audit.
- Robustness tests, negative tests, fuzzing, attack scenarios (where the mechanisms warrant them).
- Documentation and conclusion, assessment report, maintenance plan.
EN 18031-1: network protection (3.3(d))
Section titled “EN 18031-1: network protection (3.3(d))”Covers network protection against attacks originating from the equipment. Evaluated controls:
- Equipment authentication with the network (certificates, pre-shared keys)
- Limitation of unsolicited outgoing connections
- Identity spoofing protection
- Documented, signed, verifiable security updates
- Default disabling of unnecessary services
- Logging of security events
- User documentation on lifecycle management
Assessment method: network architecture review, authentication tests, update channel verification.
EN 18031-2: personal data protection (3.3(e))
Section titled “EN 18031-2: personal data protection (3.3(e))”Covers confidentiality and integrity of data. Evaluated controls:
- Communication encryption of sensitive data: TLS 1.2+ recommended, AES-128 minimum for payload, perfect forward secrecy
- Encrypted secret storage: keys, passwords, tokens
- Authentication management: strong default passwords, MFA for sensitive functions
- Secure erasure on reset or end-of-life
- Collected data documentation (type, purpose, retention period)
- Cryptographic update: obsolete algorithms disablable
Method: data flow analysis, encryption verification, erasure tests.
EN 18031-3: protection against fraud (3.3(f))
Section titled “EN 18031-3: protection against fraud (3.3(f))”Covers integrity of financial transactions. Evaluated controls:
- Strong authentication for financial operations
- Integrity and non-repudiation of transactions
- Replay protection (nonces, signed timestamps)
- Audit trail of operations
- Conformity with PCI DSS / EMV / 3DS standards as applicable
Method: transaction protocol review, manipulation tests, audit trail verification.
Cybersecurity costs and timing
Section titled “Cybersecurity costs and timing”| Conformity route | Typical cost | Timing |
|---|---|---|
| Self-assessment (module A) | €0 (internal) to €8,000 (external assistance) | 4-8 weeks |
| Accredited third-party lab campaign | €15,000 – €40,000 | 8-16 weeks |
| Notified Body route with security testing | €40,000 – €100,000+ | 16-24 weeks |
Cybersecurity RED-specialised labs remain rare in 2026; only a small number of entities in Europe hold an EN 18031 accreditation scope. CETECOM, Element, INTERTEK and SGS were among the first to position themselves.
Internal pre-tests vs external lab
Section titled “Internal pre-tests vs external lab”As for other directives, the effective strategy is internal pre-testing to clear gross issues, then external lab validation.
| Family | Internal pre-test possible? | Conditions |
|---|---|---|
| Conducted emissions | Yes | Spectrum analyser + LISN |
| Radiated emissions | Difficult | Semi-anechoic chamber or partial tests |
| ESD immunity | Yes | Calibrated ESD gun |
| Radiated RF immunity | No | Chamber + amplifier |
| Article 3.2 (spectrum) | Partial | Conducted EIRP measurement possible, radiated not |
| SAR | No | Specialised robotic system |
| EN 18031 cybersecurity | Yes (self-assessment) | Architecture review, automated scan |
| 3GPP cellular | No | Simulated base station required |
Typical RED campaign plan
Section titled “Typical RED campaign plan”For an IoT Wi-Fi/BLE + LoRa product with self-assessed 3.3 cybersecurity:
Week 1-2 : Internal pre-tests (EMC, radio EIRP, electrical safety)Week 3-4 : Design fixesWeek 5 : Shipment to external labWeek 6 : EMC and radio tests (5 days)Week 7 : LVD safety tests (3 days)Week 8 : EN 18031-1/-2 assessment (5 days)Week 9 : Preliminary report receptionWeek 10 : Fixes + retests if neededWeek 11 : Signed final reportsWeek 12 : File assembly + DoCTotal: 12 weeks for a standard product, excluding major retests.
Indicative costs
Section titled “Indicative costs”| Campaign | Range (excl. VAT) |
|---|---|
| SAR (per configuration) | €4,000 – €10,000 |
| Radio EMC (EN 301 489 + EN 301 489-X) | €5,000 – €15,000 |
| Wi-Fi 2.4 GHz (EN 300 328) | €6,000 – €15,000 |
| Wi-Fi 5 GHz (EN 301 893) | €8,000 – €18,000 |
| Sub-GHz 868 MHz (EN 300 220) | €4,000 – €10,000 |
| Complete cellular LTE/5G | €15,000 – €60,000 |
| LVD safety (EN 62368-1) | €5,000 – €15,000 |
| Cybersecurity self-assessed (EN 18031) | €0 – €8,000 |
| Cybersecurity third-party lab | €15,000 – €40,000 |
| Cybersecurity Notified Body route + pentest | €40,000 – €100,000 |
A complete RED certification of a Wi-Fi/BLE IoT product with self-assessed cybersecurity is typically between €25,000 and €60,000. A cellular product with third-party cybersecurity assessment easily reaches €100,000 to €150,000.
Further reading
Section titled “Further reading”- RED procedure: assessment modules and Notified Bodies
- Technical file: Annex V and SDR
- Common pitfalls: recurring radio errors
- Harmonised standards: complete standards table
See also
Section titled “See also”- Radiated emissions EMC test: pre-scan and final scan: the radiated emission method used under EN 301 489 article 3.1(b).
- Pre-compliance EMC: TEM cell, near-field probes, LISN: internal pre-test bench to clear gross issues before the external campaign.
- EMC chamber types: SAC, FAR, OATS, GTEM, reverberation: chamber selection for RED article 3.1(b) and 3.2 measurements.
- Antenna design and impedance matching: antenna integration drives EIRP, mask and SAR results.
- Calibration and measurement uncertainty (GUM, CISPR): uncertainty budget for RED radio measurements.
Sources & references
- Council Recommendation 1999/519/EC, public EMF exposure limits , EU Council eur-lex.europa.eu/eli/reco/1999/519/oj
- ICNIRP Guidelines 2020 , ICNIRP www.icnirp.org/
- EN 18031 series: Cybersecurity for radio equipment , CENELEC www.cenelec.eu/