The CE certification is legally required for sale of products within the European Economic Area (EEA). It validates compliance with critical EU regulations covering safety, health, environmental protection, and cybersecurity. With the upcoming August 2025 deadline for Radio Equipment Directive (RED) compliance looming ahead, manufacturers must act now to ensure their devices meet the latest standards.
The Radio Equipment Directive (RED) 2014/53/EU has introduced significant changes through its delegated act 2022/30, which mandates enhanced security requirements for internet-connected radio equipment. These new requirements focus on three critical areas of device security:
The requirements internet-connected devices such as smartphones, tablets, and IoT devices, as well as connected toys and childcare equipment. Wearable devices like smartwatches and fitness trackers also fall under these regulations as the scope of personal devices that collect sensitive data widens.
Several categories have specific exemptions from certain requirements:
Begin with a comprehensive assessment of your product against the three core EN 18031 standards:
These assessments should be integrated into product development lifecycles from the earliest stages to ensure that compliance is weaved into designs rather than added as an afterthought.
Detailed technical documentation is required to demonstrate compliance with essential requirements. Files should elaborate on the manufacturer's risk assessment methodology, implemented security controls, software update mechanisms, and encryption protocols. A well-prepared documentation not only facilitates the certification process but also serves as a valuable reference for maintaining compliance throughout a product's lifecycle.
The conformity assessment process will vary depending on your product's characteristics and intended use. You may choose between internal production control (Module A), EU-type examination (Module B), or full quality assurance (Module H). Each path has specific requirements and considerations aligned with specific product development and manufacturing processes.
Manufacturers can comply with new cybersecurity requirements on the basis of self-declaration after demonstrating compliance with harmonized standards. That said, devices that can be operated without passwords or only complies partially with prevailing standards will require the involvement of notified bodies.
The EU Declaration of Conformity is a document that serves as a manufacturer's formal statement of compliance with all applicable requirements. It must be prepared with all necessary elements, including clear manufacturer identification, detailed product descriptions and specifications, referenced standards and directives, and the conformity assessment procedure used.
CE certification simply marks the beginning of an ongoing commitment to compliance. Manufacturers must establish robust processes for monitoring regulatory changes and implement the necessary security patches and updates. Regular maintenance of technical documentation and periodic security assessments ensure continued compliance and product safety. This proactive approach helps protect manufacturers' certification status and their customers.
Take the first step in your CE certification journey by connecting with GRL's certification experts. Our team will assess your product's compliance status and develop a tailored certification strategy to ensure that all necessary requirements for successful market access are met.