The Commission of the European Union (EU) has extended the effective date of its expanded application of the essential requirements of its Radio Equipment Directive (2014/53/EU, also known as RED).
Published in late October in the Official Journal of the European Union, Delegated Regulation (EU) 2023/2444 extends until August 2025 the expanded application of the RED detailed in Delegated Regulation (EU) 2022/30. That Delegated Regulation includes the cybersecurity of internet-connected equipment under the scope of the RED and was originally scheduled to take effect in August 2024.
Internet-connected equipment specifically subject to the provisions of EU 2022/30, includes:
- Radio equipment designed or intended exclusively for childcare;
- Radio equipment covered under the scope of the EU’s Directive on the Safety of Toys (2009/48/EC);
- Radio equipment designed or intended to be worn, strapped to, or hung from any part of the human body or incorporated into any clothing worn by humans, such as headwear, hand wear, or footwear;
- Radio equipment that enables the holder or user to transfer money, monetary value, or virtual currency.
Internet-connected equipment expressly not included under the expanded scope of cybersecurity requirements detailed in the draft Delegated Regulation includes medical devices covered under the EU’s Medical Device Regulation (EU 2017/745) and the In Vitro Diagnostic Medical Device Regulation (EU 2017/746). Also excluded are internet-connected equipment and devices used in civil aviation applications (EU 2018/1139) and in automotive systems and components (EU 2019/2144).