Radio Equipment Directive Delegated Act (RED-DA)
As connected technologies become increasingly widespread, they bring significant convenience to users but also escalate cybersecurity risks, which are becoming more complex and diverse. To address these challenges, the European Commission introduced the Radio Equipment Directive Delegated Act (RED-DA) to establish higher safety and performance standards for wireless equipment, enhancing compliance and market adaptability. This act took effect on February 1, 2022, and will become mandatory on August 1, 2025.
Scope and Requirements
RED-DA supplements the Radio Equipment Directive (RED) and establishes three fundamental cybersecurity requirements under Article 3.3(d), (e), and (f):
1.Article 3.3(d): Network Protection
• Devices must ensure they do not harm networks or their functionality, nor misuse network resources, to avoid service degradation.
• Scope: Any wireless device capable of internet communication.
2.Article 3.3(e): Data and Privacy Protection
• Devices must include safeguards to protect user personal data, traffic data, and location data.
•Scope: Devices processing personal, traffic, or location data.
3.Article 3.3(f): Fraud Prevention
• Devices must support specific functionalities to mitigate fraud risks, such as secure transfer of currency or virtual assets.
• Scope: Wireless devices handling monetary or virtual currency transfers.
Excluded Devices
Certain devices are excluded from RED-DA’s scope, including medical equipment, motor vehicles, electronic toll collection (ETC) systems, and remote-controlled drones, as these are regulated under other directives.
Inquiry