Contacts Customer login
ENG
Search
ENG
Back
Back to all news
Product Testing and Certification

Cybersecurity and the RED Directive: Upcoming Obligations and SIQ’s Comprehensive Capabilities

01. July 2025

Cybersecurity is becoming an increasingly critical topic – not only for companies and organisations but also at the product level. As of 1 August 2025, the first mandatory cybersecurity requirements will come into force under the Radio Equipment Directive (RED), specifically Article 3.3 (d), (e), and (f).

These requirements introduce binding obligations related to:

  • Cybersecurity (3.3d)
  • Personal data protection (3.3e)
  • Protection against fraud (3.3f)

SIQ’s Expertise in Cybersecurity Compliance

At SIQ Ljubljana, we offer a broad and integrated scope of cybersecurity services, covering both product-level and organisational needs. Our activities in this field include:

  • Testing cybersecurity on the products (mainly according to EN 18031-x and ETSI EN 303 645 at the moment, according to upcoming RED requirements). SIQ is also a listed Notified Body for scope of Article 3.3 d, e, f within the RED Directive
  • Performing penetration test (cybersecurity tests) on networks, web and mobile applications (for banking sector, insurance, manufacturers, etc.)
  • Evaluating and certifying information security systems according to ISO 27001, ISO 22301.
  • Making on-demand audits and verifications of information security compliance with local and EU legislations.
  • Training personnel for the information security process.

Background on RED Article 3.3 – What’s Changing?

The European Commission’s Radio Equipment Directive (2014/53/EU) establishes essential requirements for:

  • Health and safety
  • Electromagnetic compatibility (EMC)
  • Efficient use of the radio spectrum

Article 3.3 introduces additional requirements for specific radio equipment categories. On 12 January 2022, the EU published Delegated Regulation (EU) 2022/30, which activates Article 3.3 (d), (e), and (f) with a mandatory compliance date of 1 August 2025. This regulation enforces key provisions related to cybersecurity, personal data protection, and fraud prevention for all relevant wireless devices placed on the EU market.

Manufacturers were given a 42-month transition period, from February 2022 to August 2025, to align their products and documentation with the new requirements.

If you have questions regarding compliance testing or Notified Body involvement, please be aware that certain initial product documentation and technical details are required for an accurate assessment. Our experts are happy to guide you through the process.

Let us help you ensure that your products are ready for the cybersecurity challenges of tomorrow.

More information:

Jože Novak
E-mail: joze.novak@siq.si
Tel.: +386 1 4778 034

Back to all news