On October 29, 2021, European Commission adopted the delegated act to the Radio Equipment Directive () which aim to reinforce the safety of all wireless devices sold on the EU market. The delegated act requires compliance to privacy and cyber security requirements of internet-connected radio equipment by mid-2024.
Baseline requirements are defined in ETSI EN 303 645 however based on risk, type of device and its intended use additional requirements may be applicable.
The essential requirement set out in Article 3(3), point (e), of Directive 2014/53/EU shall apply to any of the following radio equipment, if that radio equipment is capable of processing, within the meaning of Article 4(2) of Regulation (EU) 2016/679, personal data, as defined in Article 4(1) of Regulation (EU) 2016/679, or traffic data and location data, as defined in Article 2, points (b) and (c), of Directive 2002/58/EC:
– (a) internet-connected radio equipment, other than the equipment referred to in points (b), (c) or (d);
– (b) radio equipment designed or intended exclusively for childcare;
– (c) radio equipment covered by Directive 2009/48/EC;
– (d) radio equipment designed or intended, whether exclusively or not exclusively, to be worn on, strapped to, or hung from any of the following:
– any part of the human body, including the head, neck, trunk, arms, hands, legs and feet;
– any clothing, including headwear, hand wear and footwear, which is worn by human beings;
3. The essential requirement set out in Article 3(3), point (f), of Directive 2014/53/EU shall apply to any internet-connected radio equipment, if that equipment enables the holder or user to transfer money, monetary value or virtual currency as defined in Article 2, point (d), of Directive (EU) 2019/713.
Key exclusions: selected medical devices, IVD, mobililty, aviation