The CE certification is legally required for sale of products within the European Economic Area (EEA). It validates compliance with critical EU regulations covering safety, health, environmental protection, and cybersecurity. With the upcoming August 2025 deadline for Radio Equipment Directive (RED) compliance looming ahead, manufacturers must act now to ensure their devices meet the latest standards.
Understanding the New RED Landscape
The Radio Equipment Directive (RED) 2014/53/EU has introduced significant changes through its delegated act 2022/30, which mandates enhanced security requirements for internet-connected radio equipment. These new requirements focus on three critical areas of device security:
- Manufacturers must ensure network resilience and implement robust protections against potential misuse.
- Comprehensive personal data and privacy safeguards must be in place to protect user information.
- Devices capable of processing payments must be enhanced with fraud prevention mechanisms to protect financial transactions.
Scope of Application
The requirements internet-connected devices such as smartphones, tablets, and IoT devices, as well as connected toys and childcare equipment. Wearable devices like smartwatches and fitness trackers also fall under these regulations as the scope of personal devices that collect sensitive data widens.
Consumer IoT devices
-
- Must implement all three EN 18031 standards if internet-connected
- Additional requirements if supporting financial transactions
Toys and childcare equipment
-
- Enhanced privacy protection requirements
- Specific data handling considerations
- Network security requirements if internet-connected
Wearable devices
-
- Particular focus on personal data protection
- Additional requirements for health data handling
- Network security considerations for connected features
Important Exclusions
Several categories have specific exemptions from certain requirements:
- Medical and in-vitro diagnostic devices
- Automotive equipment under Regulation 2019/2144
- Civil aviation equipment (including drones)
- Electronic road toll systems
Essential Steps for CE Certification Success
1. Strategic Compliance Planning
Begin with a comprehensive assessment of your product against the three core EN 18031 standards:
- EN 18031-1 for network and system security
- EN 18031-2 for privacy and data protection
- EN 18031-3 for financial transaction security, where applicable.
These assessments should be integrated into product development lifecycles from the earliest stages to ensure that compliance is weaved into designs rather than added as an afterthought.
2. Technical Documentation Preparation
Detailed technical documentation is required to demonstrate compliance with essential requirements. Files should elaborate on the manufacturer's risk assessment methodology, implemented security controls, software update mechanisms, and encryption protocols. A well-prepared documentation not only facilitates the certification process but also serves as a valuable reference for maintaining compliance throughout a product's lifecycle.
3. Conformity Assessment
The conformity assessment process will vary depending on your product's characteristics and intended use. You may choose between internal production control (Module A), EU-type examination (Module B), or full quality assurance (Module H). Each path has specific requirements and considerations aligned with specific product development and manufacturing processes.
Manufacturers can comply with new cybersecurity requirements on the basis of self-declaration after demonstrating compliance with harmonized standards. That said, devices that can be operated without passwords or only complies partially with prevailing standards will require the involvement of notified bodies.
4. Declaration of Conformity
The EU Declaration of Conformity is a document that serves as a manufacturer's formal statement of compliance with all applicable requirements. It must be prepared with all necessary elements, including clear manufacturer identification, detailed product descriptions and specifications, referenced standards and directives, and the conformity assessment procedure used.
Post-certification compliance
CE certification simply marks the beginning of an ongoing commitment to compliance. Manufacturers must establish robust processes for monitoring regulatory changes and implement the necessary security patches and updates. Regular maintenance of technical documentation and periodic security assessments ensure continued compliance and product safety. This proactive approach helps protect manufacturers' certification status and their customers.
Secure your devices with GRL
Take the first step in your CE certification journey by connecting with GRL's certification experts. Our team will assess your product's compliance status and develop a tailored certification strategy to ensure that all necessary requirements for successful market access are met.
