RED directive requires stricter security for machines and appliances from August 2025. Are you ready yet?

Do you want to launch a product on the European market with a wireless radio connection (including WiFi and Bluetooth)? Then from August 2025 it must comply with the Radio Equipment Directive (RED, Radio Equipment Directive) issued by the European Commission.

The downside of growing digitalisation

Not only new wireless products (under development), but also existing products will have to meet these stricter cybersecurity requirements from August 2025. For machine and equipment constructors and electronics manufacturers, this means a significant overhaul of their approach to product development and security practices.

If a new weakness (vulnerability) is discovered, it does not matter whether it is in the software or in the Integrated Circuits (ICs) used, the product must be updated. OTA updates (*) of the software become essential, as the product may no longer be sold until the vulnerability is fixed! Customers exporting to the UK must also comply with the PSTI directive (**), which already comes into force on 29 April 2024.

Enhanced certification requirements

An essential aspect of the renewed RED directive is the implementation of increased certification requirements. E.D.&A. cooperates with inspection bodies to optimally specify and standardise the (new) imposed security measures in the development of our electronic controllers.

Together with the customer, we evaluate the risks and discuss in detail the security steps that can be taken. We work out procedures around following up and documenting risks for our products (risk analyses) in order to follow up and resolve them in a more structured way, now and in the future.

Law imposes increased focus on cyber security

The focus on cyber security in the renewed RED directive covers a wide range of appliances/devices, from smart home appliances and industrial machines to communications equipment. The aim is to prevent these devices from being misused as entry points for cyber attacks or as potential sources of data leaks.

(*) OTA (Over-The-Air)-updates. These are updates that can be distributed to machines & appliances via the internet. This makes it possible to update existing devices with end users. 

(**) PSTI: Product Security and Telecommunications Infrastructure. The UK is introducing new product security requirements for relevant & connected products. This directive forces the machine or equipment manufacturer to have, among other things, a reporting point for vulnerabilities, and a published minimum support period. Certain steps must be taken when problems are reported.