New Swedish Cybersecurity Rules: Why Urgent Action Is Needed – Column by Ulf Seijmer

Ulf Seijmer: It doesn’t take much scrolling through the news to realize that security issues have grown increasingly important. I’m not talking about bolting anchors to the bows of half-rotten boats drifting in the Baltic Sea with unclear ownership, or posting “anchoring prohibited” signs in several languages. What I mean is something much closer to everyday life: electronics, connected gadgets and hardware that now permeate our lives.

Security measures are being tightened. A new standard will be introduced to raise the bar for cybersecurity. From August 2025 (delayed from 2024) technology companies will face a new reality. The EU’s updated Radio Equipment Directive (RED) brings stricter cybersecurity rules that affect everything from smartwatches to networking equipment and IoT sensors. The tricky part is that without this new compliance, your product’s CE marking is incomplete. And if you’re not ready, the consequence could be a sales ban until you can prove compliance. As with any new regulation, the pitfalls hide in the fine print.

Ulf Seijmer, Chief Innovation Officer at Induo.

Attractive promises, tough requirements

The cybersecurity requirements are clear. From August 2025, radio equipment that handles personal data or connects to networks must ensure protection for users’ personal data and privacy. The aim is to prevent equipment from becoming a threat to networks or users. Additionally, robust defenses against cybersecurity threats must be in place.

For manufacturers who haven’t built their products with security in mind, this means addressing existing vulnerabilities and closing security gaps. In the long term, it means adopting “Security by Design” — embedding security from the drawing board through to product launch.

There has been significant uncertainty about which standard to certify against. The European Commission delayed guidance for a long time, leaving companies in the uncomfortable position of not knowing which rules will apply, much like building a house without knowing the exact building code. Do you wait and risk delays, or proceed and risk having to redo large parts later? Until recently, most of the information circulating online pointed toward a different standard than the one ultimately adopted. Many developers have found themselves following incorrect guidance, as if relying on the wrong tutorial videos in a filter bubble. That confusion is finally resolving, but it has cost time and effort.

To ease the transition, authorities have allowed a long adaptation period for products, but they were not clear about the precise target for compliance. Now the timeline is tighter. In less than six months, all products falling under the scope must be tested and verified against the EN 18031-1:2024 standard, according to PTS. The objective is sharp, but the timeframe feels unrealistic for many teams. This introduces a real headache: time. If you plan to do it properly and don’t have in-house certainty, you should engage an accredited lab.

What’s at stake?

Failing to be prepared can be expensive. Without correct CE marking you cannot sell products within the EU. Non-compliance can lead to fines and legal exposure, and an insecure product damages customer trust — intrusions are not easily forgotten. Organizations handling sensitive information are likely already aware of these risks. Many companies in CCS have an advantage because they have prioritized cybersecurity for some time.

How to take control — now

Don’t wait. Start by analyzing your product portfolio to identify which devices fall under RED and assess their current security posture. Engage with manufacturers or create a remediation plan. Using test houses and certification bodies can help you verify products and interpret requirements, though availability may be limited. Also plan for the unexpected through risk analysis and preventive measures.

Remember that cybersecurity requirements are not just about ticking a box. It isn’t enough to present a certificate in August; maintaining security is an ongoing effort to keep attackers away from the devices you sell. This is not about bolting anchors to foreign vessels — it’s navigating dangerous waters full of hidden shoals, GPS interference and no reliable chart unless you take security seriously from the start.