
RED 3.3: Essential Cybersecurity Requirements for Radio Equipment

As of August 1, 2025, the Radio Equipment Directive (RED) Articles 3.3(d), 3.3(e) and 3.3(f) have been activated, introducing mandatory cybersecurity requirements for radio equipment placed on the EU market. For embedded developers and manufacturers of connected devices, these regulations represent a critical compliance milestone that cannot be ignored.

Understanding RED 3.3

The Radio Equipment Directive 2014/53/EU (RED) establishes a regulatory framework for placing radio equipment on the market. It ensures a single market for radio equipment by setting essential requirements for safety and health, electromagnetic compatibility, and the efficient use of the radio spectrum. The newly activated Article 3.3 provisions specifically address cybersecurity concerns for internet-connected radio equipment.

Key Requirements

The three essential cybersecurity requirements under RED 3.3 are:

Article 3.3(d): Network Protection. Radio equipment that can communicate over the internet, either directly or via any other equipment, must not harm networks or cause unacceptable service degradation by misusing network resources.

Article 3.3(e): Personal Data Protection. Equipment capable of processing personal, traffic or location data must include safeguards to protect user privacy and personal data. Excluded are radio equipment designed or intended exclusively for childcare, equipment covered under the Toys Directive (2009/48/EC), and radio equipment designed or intended to be worn on, strapped to or hung from the body or clothing.

Article 3.3(f): Fraud Prevention. Internet-connected radio equipment that enables the holder or user to transfer money, monetary value or virtual currency must support capabilities that ensure protection against fraud.

Affected Products

RED 3.3 applies to a wide range of connected devices including:

  • IoT devices and smart home equipment
  • Communication modules and routers
  • Wearable devices (with exceptions for body-worn equipment under Article 3.3(e))
  • Payment systems and POS devices
  • Emergency response equipment
  • Connected monitoring systems

Medical devices under Regulations (EU) 2017/745 and (EU) 2017/746 are exempt from Articles 3.3(d), 3.3(e) and 3.3(f). Civil aviation equipment under Regulation (EU) 2018/1139, motor vehicles under Regulation (EU) 2019/2144 and road toll systems under Directive (EU) 2019/520 are exempt from Articles 3.3(e) and 3.3(f); however, Article 3.3(d) still applies to them.

Compliance Standards

The CENELEC standards EN 18031-1, EN 18031-2 and EN 18031-3 have been published in the Official Journal of the European Union; however, they were published with restrictions. These harmonized standards provide the framework for compliance:

  • EN 18031-1: General cybersecurity requirements for Article 3.3(d)
  • EN 18031-2: Privacy and data protection requirements for Article 3.3(e)
  • EN 18031-3: Fraud prevention requirements for Article 3.3(f)

Implementation Requirements

In accordance with RED Article 17, a Notified Body is required if a manufacturer does not apply harmonized standards or has not fully applied them (i.e. applied only part of a harmonized standard). This means manufacturers must either:

  1. Self-declare compliance by fully applying the relevant EN 18031 standards
  2. Engage a Notified Body for third-party assessment when standards aren't fully applied or don't cover all requirements

Essential Compliance Elements

To meet RED 3.3 requirements, manufacturers must ensure:

  • Network efficiency: Prevent network overloads and abusive signaling
  • Data protection: Implement encryption, authentication, and access controls
  • Fraud prevention: Include secure boot, device signatures, and anti-tampering measures
  • Technical documentation: Maintain comprehensive compliance records for 10 years
  • CE marking: Apply proper marking after successful conformity assessment

Logic Technology's Role in RED 3.3 Compliance

At Logic Technology, we understand the complexity of implementing cybersecurity measures in embedded radio equipment. Our solutions help embedded developers navigate RED 3.3 requirements by:

  • Security-by-design integration: Incorporating cybersecurity principles early in the development process
  • Compliance testing tools: Providing static analysis and vulnerability assessment capabilities
  • Standards alignment: Supporting development practices that align with EN 18031 requirements
  • Documentation support: Enabling comprehensive traceability and compliance documentation

The transition period has ended, and compliance is now mandatory. Manufacturers who haven't prepared for these requirements face potential market access restrictions, product recalls, and significant penalties.

Ready to ensure RED 3.3 compliance? Contact Logic Technology to learn how our embedded development solutions can help you build secure, compliant radio equipment that meets the EU's cybersecurity standards while maintaining optimal performance and reliability.

Gevorg Melikdjanjan


Security | Reliability | Data Solutions
