The Radio Equipment Directive sets essential requirements for radio equipment placed on the EU market, including cybersecurity, privacy, and interoperability obligations.
Focus: Wireless equipment, IoT compliance, cybersecurity for connected devices, CE marking, radio spectrum
Article 1 — Subject Matter and Scope
Article 2 — Definitions
Article 3 — Essential Requirements
Article 3(3)(d) — Network Protection
Article 3(3)(e) — Privacy Safeguards
Article 3(3)(f) — Fraud Prevention
Article 10 — Manufacturer Obligations
Article 17 — Conformity Assessment
Article 18 — EU Declaration of Conformity
Article 19 — CE Marking
GET /v1/frameworks/red/articles → 200 OK · structured JSON · official source
The Radio Equipment Directive (2014/53/EU) establishes a regulatory framework for placing radio equipment on the EU market. It sets essential requirements covering safety, electromagnetic compatibility, and efficient use of the radio spectrum. Crucially, Article 3(3)(d), (e), and (f) — activated by Delegated Regulation (EU) 2022/30 — add cybersecurity, privacy protection, and fraud prevention requirements for internet-connected radio equipment. These new cybersecurity obligations apply from 1 August 2025, making RED a key regulation for IoT device manufacturers.
The RED applies to manufacturers of radio equipment placed on the EU market, their authorised representatives, importers, and distributors. Radio equipment includes any product that intentionally emits or receives radio waves for communication or radio determination — from smartphones and Wi-Fi routers to IoT sensors, Bluetooth devices, and connected home appliances. Starting August 2025, the cybersecurity delegated act extends requirements to all internet-connected radio equipment, wearable devices, and child-related products with radio capability.
From 1 August 2025, internet-connected radio equipment must not harm network or infrastructure integrity (Article 3(3)(d)), must include safeguards to protect personal data and privacy (Article 3(3)(e)), and must support features to prevent fraud (Article 3(3)(f)). Manufacturers must perform conformity assessments, apply CE marking, and issue EU declarations of conformity. The CRA will eventually take over many of these cybersecurity requirements, with a transition period coordinated between the two regulations.
Law4Devs provides the full RED text as structured JSON via API. Filter by essential requirement type (safety, EMC, spectrum, cybersecurity, privacy), product category, or economic operator role. Access specific provisions on conformity assessment procedures, CE marking requirements, and delegated act cybersecurity obligations. Cross-reference with the CRA for overlapping product cybersecurity requirements and with the CSA for certification frameworks.