New EU RED Cybersecurity Rules Effective

The European Union's Radio Equipment Directive (RED) has been updated with a delegated regulation focusing on cybersecurity, effective from August 1, 2025. This enhancement aims to bolster security in connected devices, which is particularly relevant for industries like IoT and Automotive where reliable wireless communication is critical. As a leading distributor of high-quality electronic components, SE Spezial-Electronic GmbH supports customers by providing access to compliant solutions from partners like u-blox, ensuring seamless integration of RF technology and GNSS modules.

The RED Delegated Regulation introduces mandatory cybersecurity measures for all internet-connected radio equipment sold in the EU. Specifically, it activates Articles 3.3(d), 3.3(e), and 3.3(f) of the directive. Article 3.3(d) requires devices to avoid harming networks or misusing resources that could degrade service quality. Article 3.3(e) emphasizes protecting personal data and privacy against breaches, necessitating robust security mechanisms. Article 3.3(f) mandates safeguards against fraud, especially in devices handling transactions, often through secure execution environments.

Compliance can be demonstrated via testing by a Notified Body or self-declaration using the harmonized standard EN 18031, divided into three parts: Part 1 for network protection (Article 3.3(d)), Part 2 for data and privacy (Article 3.3(e)), and Part 3 for fraud prevention (Article 3.3(f)). Manufacturers must maintain technical documentation proving compliance for at least 10 years, available to authorities upon request. This framework ensures that radio equipment, such as short-range modules and GNSS receivers, meets elevated security standards without compromising performance.

u-blox, a key partner of SE Spezial-Electronic, has proactively addressed these requirements in its product portfolio. For short-range radio modules, which often enable Wi-Fi, Bluetooth, and other connectivity essential in IoT applications, u-blox emphasizes hardware-based security features in products like IRIS-W10, NORA-W10 and NORA-W40.

Similar compliance is evident in other u-blox short-range products like the NORA-W3, NINA-W15, ODIN-W2, and NINA-W13 series. These modules comply with Article 3.3(d) using EN 18031-1:2024, with some models extending to relevant parts for privacy and fraud protection where applicable. For instance, in medical or financial IoT applications, these modules support resilience mechanisms (RLM) and logging (LGM) to prevent unauthorized access. SE Spezial-Electronic assists customers in selecting these modules by offering technical consulting on integration, ensuring optimal use in automotive telematics or smart sensors where RF technology demands reliability.

Regarding GNSS products, u-blox's modules like the ZED-F9 series are designed for precise positioning in automotive navigation, asset tracking, and autonomous systems. While pure GNSS receivers primarily handle satellite signals and may not directly connect to the internet, certain applications involve internet-based correction services (e.g., via cellular or Wi-Fi for RTK precision). In such cases, cybersecurity becomes pertinent. u-blox states that all modules are engineered with security in mind, but specific RED cybersecurity compliance applies only to internet-capable configurations. For standard GNSS, existing RED conformity covers Articles 3.1(a), 3.1(b), and 3.2 for safety, EMC, and spectrum efficiency, using standards like ETSI EN 303 413.

SE Spezial-Electronic helps evaluate whether additional cybersecurity measures are needed based on system design, providing distribution and expertise to integrate GNSS with secure short-range connectivity for hybrid solutions.

To facilitate compliance verification, below is a table listing links to selected u-blox Declarations of Conformity (DoC) documents for short-range and GNSS products. These documents detail conformity to RED, including cybersecurity aspects where applicable. Note that for GNSS, the listed DoC reflects general RED compliance; contact u-blox or SE for updates on cybersecurity-specific declarations if your application involves internet connectivity.

 

We recommend reviewing these documents alongside u-blox's customer guidance application note on EN 18031 compliance.

Please reach out to us to support you.