Interview with Olaf Wilmsmeier
1. Why are the radio regulations being revised?
The Radio Equipment Directive (Directive 2014/53/EU, also known as RED) requires radio equipment in the EU to meet certain health, safety, electromagnetic compatibility and spectrum efficiency requirements.
However, digitization and networking mean that radio devices are now much more than just transmitters and receivers. They are part of networked systems and therefore potential targets for cyber-attacks.
“This is precisely where Regulation (EU) 2022/30 comes in, defining additional cybersecurity requirements for certain radio equipment. These include privacy protection, network security and protection against unauthorized access.”
Olaf Wilmsmeier – Founder & Owner, Wilmsmeier Solutions
2. Why is this important according to the EU?
With the increasing networking of devices, the risks also increase: cyber attacks, data misuse and unauthorized access are just some of the threats that can arise from security gaps in radio equipment.
The harmonized standards create a uniform level of security in the EU. This strengthens consumer confidence and ensures that devices can be used safely throughout the EU.
3. What will change with the addition of cybersecurity to the RED?
With the increasing networking of household appliances, the risk of cyberattacks in smart homes is also growing. Smart door locks, networked cameras, voice assistants and IoT-enabled household appliances can be gateways for cyber risks.
When the requirements of the EU regulation come into force, the cybersecurity requirements will be expanded and, to put it simply, adapted to the current state of the art. The extension of the RED includes three new subsections in Chapter 3(3):
- Applies to all radio equipment that falls under the provisions of the RED and is internet-enabled.
- Applies to all radio equipment that falls under the RED regulations, is internet-enabled and processes personal data and/or location data.
- Applies to all radio equipment that falls under the RED regulations, is internet-enabled and exchanges and processes information on money transfers or payment functions.
Accordingly, three new EN standards were developed under the auspices of CEN/CENLEC, which received the standardization mandate.
- EN 18031-1 für Kapitel 3(3) (d)
- EN 18031-2 für Kapitel 3(3) (e)
- EN 18031-3 für Kapitel 3(3) (f)
* CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization) are two European standardization organizations responsible for the development and harmonization of technical standards in Europe.
When the requirements of the EU regulation come into force, the cybersecurity requirements will be expanded and, to put it simply, adapted to the current state of the art. The extension of the RED includes three new subsections in Chapter 3(3):
- Applies to all radio equipment that falls under the provisions of the RED and is internet-enabled.
- Applies to all radio equipment that falls under the RED regulations, is internet-enabled and processes personal data and/or location data.
- Applies to all radio equipment that falls under the RED regulations, is internet-enabled and exchanges and processes information on money transfers or payment functions.
Accordingly, three new EN standards were developed under the auspices of CEN/CENLEC, which received the standardization mandate.
- EN 18031-1 für Kapitel 3(3) (d)
- EN 18031-2 für Kapitel 3(3) (e)
- EN 18031-3 für Kapitel 3(3) (f)
* CEN (European Committee for Standardization) and CENELEC (European Committee for Electrotechnical Standardization) are two European standardization organizations responsible for the development and harmonization of technical standards in Europe.
With the increasing networking of household appliances, the risk of cyberattacks in smart homes is also growing. Smart door locks, networked cameras, voice assistants and IoT-enabled household appliances can be gateways for cyber risks.
4. What challenges arise from the new EN standards and CE conformity as a result of the European Commission’s restrictions?
Despite this subdivision, the mass of radio equipment and applications covered by the individual chapters and standards is still large. This has also presented CEN/CENLEC with considerable problems when drafting the standards.
The new EN standards can be used for self-declaration of CE conformity if the four restrictions announced by the EU Commission are observed.
The first restriction, that the examples and additional explanations given in the standards may not be used to declare CE conformity, is certainly easy to take into account.
The other three restrictions require more attention. All restrictions are listed by the EU in Decision (EU) 2025/138 and additionally explained in a separate “non-binding guidance” document.
