Starting from 1 August 2025, wireless devices placed on the EU market must meet the new information security requirements harmonised at EU level. Device manufacturers must take into account the new requirements already in the design phase of the devices. The Finnish Transport and Communications Agency Traficom supervises the compliance of wireless devices sold on the Finnish market and promotes the functionality and information security of radio communications.
The EU Radio Equipment Directive lays down harmonised requirements for different wireless devices that use the radio spectrum. These devices include, for example, smartphones, tablets and remote-controlled toys. Mandatory information security requirements for radio equipment are coming in the EU area. "The new requirements apply to some radio equipment and will be part of the CE marking requirements in the future. The manufacturer's task is to ensure that the device meets all the requirements for it," says Senior Specialist Milla Kuokkanen from Traficom.
Mandatory information security requirements must be complied with from 1 August 2025
The intended start date of the application of information security requirements was 1 August 2024. The European Commission has now, with a Regulation, postponed the application deadline by a year in order to give more time for the preparation of technical standards for information security requirements. Radio devices to be placed on the EU market must comply with information security requirements from 1 August 2025.
The goal is to improve the information security of wireless devices
The new requirements concern wireless devices that are connected to the internet directly or via other equipment, children’s devices and wearable devices, such as smart watches. "Information security requirements aim to improve user privacy and protect communication networks. The goal is also to reduce the risk of monetary fraud committed using internet-connected equipment. Requirements concerning the protection of personal data and privacy have been set, in particular, for children’s devices, such as toys and childcare equipment, and wearable equipment”, emphasises Senior Specialist Saana Seppänen from Traficom’s National Cyber Security Centre Finland.
Deficiencies have been detected in the information security of wireless devices sold in the EU, which the regulation is now trying to correct. The requirements have a significant impact on the implementation of the products. Manufacturers should familiarise themselves with the requirements as quickly as possible and take them into account right from the planning stage.
In the future, Traficom will be responsible for monitoring information security requirements as part of other market monitoring for the sale of radio equipment. In the future, the information security requirements will be part of the requirements coming from the Radio Equipment Directive RED 2014/53/EU.
Further information
Senior Specialist Saana Seppänen, information security requirements, saana.seppanen@traficom.fi, tel. +358 295 390 485
Senior Specialist Milla Kuokkanen, market surveillance of wireless devices, milla.kuokkanen@traficom.fi, tel. +358 295 390 354
More information on the compliance of radio equipment (External link)
EU Radio Equipment Directive (External link) (RED 2014/53/EU)
European Commission Delegated Regulation on cyber security requirements (External link) (2022/30)