Sign in
Cart
Cart
0,00 EUR
Products Manufacturers New arrivals and Deals Articles Contact About us Samples
United Kingdom
Flag for en language
€ EUR
Prices without VAT
menu
cart
Categories
Communication Modules   Communication Modules
(5936)
Power Supplies   Power Supplies
(17808)
Semiconductors   Semiconductors
(25750)
Optoelectronics and Sound   Optoelectronics and Sound
(12818)
Embedded Systems   Embedded Systems
(3316)
Passive Components   Passive Components
(13234)
Electromechanical Components   Electromechanical Components
(90657)
Cables and Cords   Cables and Cords
(3272)
Test & Measurement   Test & Measurement
(3870)
Tools   Tools
(9151)
Enclosures and Hardware   Enclosures and Hardware
(13071)
Automation   Automation
(2220)

The Delegated Act on Cybersecurity Under RED (EU) 2022/30 Comes Into Effect on 1 August 2025

SOS ELECTRONIC
QUECTEL

Cybersecurity

facebook
Starting from 1 August 2025, all manufacturers, importers, and distributors of wireless devices in the European Union will need to comply with the delegated act on cybersecurity under the Radio Equipment Directive (RED). Who exactly does the directive apply to, and how can you prepare for it? We’ve summed up the main points in this short article. Quectel also covered the topic in a dedicated webinar, and the recording is available at the end. (Read time: 4 minutes)
Pavel Kováč
Pavel Kováč
SOS electronic Product Specialist
More articles from the author

obr3074_p27ff262fc78d.jpg

This article highlights the new RED regulation (EU) 2022/30, which comes into force on 1 August 2025. It applies to any radio equipment that can connect to the internet independently. For full details, refer to Commission Delegated Regulation (EU) 2022/30 of 29 October 2021, which supplements Directive 2014/53/EU of the European Parliament and of the Council.

A New Era for Cybersecurity Compliance in the EU Under RED

The European Commission’s Directorate-General for the Internal Market, Industry, Entrepreneurship and SMEs introduced this regulation in response to growing concerns around the security of connected devices. With cyberattacks and data breaches on the rise, there’s a stronger push to improve regulation and minimise risk.

The regulation is designed to strengthen cybersecurity, safeguard user privacy and support better interoperability across smart and connected devices in the EU. It also underlines the EU’s commitment to protecting consumers, maintaining digital sovereignty, and building a more resilient digital infrastructure in the age of the Internet of Things.

What Is the RED delegated act?

Commission Delegated Regulation (EU) 2022/30, supplementing RED 2014/53/EU, introduces new essential requirements to ensure that radio equipment: 

  • protects personal data and user privacy
  • prevents misuse of network services
  • supports interoperability with existing networks
The core requirements of the directive apply to any radio device capable of communicating over the internet on its own, whether directly or through another device.


The regulation covers a broad range of connected equipment, including:

  • smartphones and tablets
  • smart home devices
  • IoT modules (e.g. Wi-Fi, Bluetooth, LTE)
  • smart toys and wearables
  • wireless routers and modems

Important note: The regulation is not retroactive. The new cybersecurity requirements apply only to products placed on the market after 1 August 2025.


The Delegated Act amends Article 3(3) of the RED directive by adding the below obligations

(d) Network protection – devices must not harm network performance or misuse network resources

(e) User privacy protection – devices must prevent unauthorised access to personal data

(f) Fraud prevention – devices must be secure enough to prevent identity theft or unauthorised payments

To prove compliance, manufacturers can either follow harmonised standards (expected from ETSI or ENISA) or work with a notified body to carry out a conformity assessment.

obr3074_p86df034f7a1c.jpg

Who is affected by RED DA (EU) 2022/30? 


  • manufacturers of wireless devices sold in the EU
  • importers bringing products into the EU
  • distributors and retailers offering connected devices


They will be responsible for:

  • updating technical documentation
  • issuing a new EU Declaration of Conformity (DoC)
  • conducting cybersecurity risk assessments for their products

 

What’s recommended when preparing devices for RED DA (EU) 2022/30? 

  • Review your product portfolio and identify which devices fall under the new scope.
  • Conduct cybersecurity risk assessments for applicable products.
  • Apply secure-by-design principles (e.g. encryption, authentication).
  • Update firmware and software processes to support future patches and security updates.
  • Keep track of harmonised standards as they’re published and adjust your testing approach.
  • Train internal teams on documentation updates and CE marking requirements.

You’ll find the full text and all necessary information in Commission Delegated Regulation (EU) 2022/30 of 29 October 2021, which supplements Directive 2014/53/EU of the European Parliament and of the Council regarding the essential requirements set out in Article 3(3), points (d), (e), and (f).

The official versions of the relevant acts, including their preambles, are available in the Official Journal of the European Union and can be accessed through the EUR-Lex portal.

What else is coming? Upcoming EU and US cybersecurity regulations 

In addition to the RED DA, several other cybersecurity regulations are set to take effect over the coming years:

  • Cyber Resilience Act (CRA)

This upcoming EU regulation will require connected devices, particularly those used in critical infrastructure, to have built-in cybersecurity features. Manufacturers will need to provide regular security updates and patches. Compliance will be mandatory from 2027

  • US Cyber Trust Mark

A voluntary labelling scheme in the United States, similar in purpose to CRA. While not mandatory, it can help promote a product’s cybersecurity credentials. 

  • US Regulation on Connected Vehicles

Regulations in the US will require cybersecurity compliance for vehicle software from 2027 and for hardware by 2030. These rules apply to connected vehicles, aftermarket telematics solutions, and spare parts sold on the US market.

obr3074_pa02fda75e9e3.jpg

Masterclass Quectel – RED DA and beyond: How to prepare for new cybersecurity regulations 

Want to better understand how the upcoming cybersecurity rules may affect your project? Or how suppliers can support your compliance efforts and help future-proof your devices? Quectel has put together an expert-led webinar on this topic, featuring Tomaz Petaros and Seungryoul Yoon.  

Webinar agenda includes

  • Overview of the RED DA and other upcoming cybersecurity regulations
  • How to prepare for the new requirements
  • How Quectel can support your compliance process
Watch the webinar here.

Explore our current range of Quectel communication modules. We’re continuously expanding our offer as new models become available.

What value does this article hold for you?

Your feedback helps us create truly useful content for our readers. Appreciate the above information with an imaginary contribution for this article.

Great, thank you for your participation! Your opinion is very important to us.

If you have any questions or comments, please don't hesitate to contact us. Thanks again for your time and trust.

Interested in more information about Quectel products or need technical advice on choosing the right product? Have any other questions or requests? Fill out the form below, and we’ll be happy to help!

* Data marked with an asterisk (*) are required.
slash Do not miss these articles

Do you like our articles? Do not miss any of them! You do not have to worry about anything, we will arrange delivery to you.

Date of publishing 06/23/2025.
When you issue article on your website, please give its source: https://www.soselectronic.com/en-gb/articles/sos-supplier-of-solution/the-delegated-act-on-cybersecurity-under-red-eu-202230-comes-into-effect-on-1-august-2025-3074
We ship the goods with the following carriers
You can pay using these payment methods
We accept payment by credit cards
© SOS electronic s.r.o. 1991-2025 | Created by © bart.sk
slash
Do you agree with cookies being stored?
Welcome to the SOS electronic website. Before you enter our online world, we would like to ask you to allow us to store cookies on your browser. Your consent will help us view the site without error, measure its performance, and track additional statistics. Apart from that, we can bring you an offer of our products and services, literally tailor-made. We also provide cookies to third parties. However, you are definitely safe with us.
The proper operation of the website
More stable technical control
Better marketing offer

More about cookies
More about personal data processing

Necessary Only selected Accept all cookies
Change the settings
Country
Select the country you are located in to receive relevant information and services tailored to your region.
Choose a language
Select your preferred language for displaying website content and communicating with our support.
Flag for sk languageFlag for cz languageFlag for hu languageFlag for en languageFlag for de languageFlag for ro languageFlag for pl languageFlag for it languageFlag for es languageFlag for fr language
Currency
Select the currency in which you want to see product prices. This way, we ensure you see current prices tailored to your needs.
Show prices with VAT
Select whether you want to display prices with or without VAT to have a better overview of costs.
Prices without VAT Prices incl. VAT