---
title: "RED vs ETSI EN 303 645: IoT cyber evidence comparison"
canonical_url: "https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-vs-etsi-en-303-645"
source_url: "https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-vs-etsi-en-303-645"
author: "Sorena AI"
description: "Compare EU RED cybersecurity duties with ETSI EN 303 645 evidence reuse for connected radio products, OJEU standards, CE files, and 1 August 2025 planning."
published_at: "2026-05-09"
updated_at: "2026-05-27"
keywords:
  - "RED vs ETSI EN 303 645"
  - "EU Radio Equipment Directive cybersecurity"
  - "ETSI EN 303 645 evidence"
  - "RED Article 3(3)"
  - "IoT security CE marking"
  - "EU Radio Equipment Directive"
  - "RED cybersecurity"
  - "ETSI EN 303 645"
  - "IoT security"
  - "OJEU harmonised standards"
  - "CE marking"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# RED vs ETSI EN 303 645: IoT cyber evidence comparison

Compare EU RED cybersecurity duties with ETSI EN 303 645 evidence reuse for connected radio products, OJEU standards, CE files, and 1 August 2025 planning.

*Comparison* *EU RED*

## RED vs ETSI EN 303 645 for connected radio products

RED is binding EU product law for radio equipment. ETSI EN 303 645 is useful cyber baseline evidence for consumer IoT, but it does not by itself replace a RED conformity assessment or an OJEU-cited harmonised standard route.

Use this comparison to decide what belongs in the RED technical file, what can be reused from an ETSI EN 303 645 control assessment, and what must be separately verified before CE marking.

RED and ETSI EN 303 645 often meet in the same connected product program, but they answer different questions. RED decides whether radio equipment can be placed on the EU market and which Article 3 essential requirements, conformity route, technical documentation, EU declaration, CE marking, and market-surveillance duties apply. ETSI EN 303 645 can help structure consumer IoT cybersecurity evidence, but the RED file still needs a source-linked Article 3(3)(d), (e), and (f) conclusion and a standards position tied to OJEU citation status.

## RED vs ETSI EN 303 645: evidence and compliance boundary

A practical comparison for connected radio equipment teams deciding when RED controls the legal route and when ETSI EN 303 645 evidence can support, but not replace, RED cybersecurity compliance.

- **RED**: RED controls EU market access for radio equipment, including essential requirements, conformity assessment, technical documentation, EU DoC, CE marking, and market-surveillance response.
- **ETSI EN 303 645**: ETSI EN 303 645 can organize consumer IoT cybersecurity controls and assurance evidence, but teams must verify any claimed RED presumption of conformity through the applicable OJEU-cited harmonised standard route.

| Dimension | RED | ETSI EN 303 645 | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope | RED starts with whether the product is radio equipment placed or made available on the EU market. | ETSI EN 303 645 should be scoped to the consumer IoT product, service, software, and data boundary actually assessed. | A connected consumer product may need both workstreams, but a positive ETSI EN 303 645 control assessment does not prove RED scope or CE readiness. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for legal market-access scope.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for the distinction between standards and certification. |
| Who must act | The RED manufacturer is the primary actor responsible for conformity assessment, technical documentation, EU declaration of conformity, CE marking, and market-surveillance cooperation. Importers and distributors carry secondary RED checks and can become responsible as manufacturers when they substantially modify equipment. | ETSI EN 303 645 work is typically owned by product security, engineering, or supplier-management teams. Their assessment evidence must be linked back to the RED economic operator so it can be cited in the technical file. | Name the RED economic operator in every conformity file and bridge note so security evidence produced by internal or supplier teams cannot become orphaned from the CE compliance decision. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Source for assigning legal accountability to the correct economic operator.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards support; organizational ownership must be assigned in the product program. |
| Trigger or threshold | RED Article 3(3)(d) applies to internet-connected radio equipment; Article 3(3)(e) and (f) depend on the listed data-processing, childcare, toy, wearable, and payment-transfer conditions. | ETSI EN 303 645 evidence should be mapped control by control to the device features, data flows, vulnerability process, update model, and product documentation it actually covers. | Do not reuse a generic IoT security checklist; build a RED trigger matrix first, then attach ETSI EN 303 645 evidence to the relevant trigger. | [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for trigger-specific RED cybersecurity mapping.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards as technical specifications; EN 303 645 control details should come from the assessment record or standard text. |
| Core obligations | RED core obligations for radio equipment include meeting Article 3 essential requirements, choosing and executing the correct conformity assessment route under Article 17, drawing up technical documentation, issuing the EU declaration of conformity, and affixing CE marking before market placement. | ETSI EN 303 645 core obligations are internal: maintain assessed security controls across the documented IoT system boundary. The standard does not create EU legal duties; teams must bridge each EN 303 645 control to its RED essential-requirement equivalent and document the standards-status position. | Translate RED essential requirements into a numbered matrix before consulting EN 303 645; do not reverse-engineer from EN 303 645 controls to RED compliance because the mapping is not always one-to-one. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for Article 17 conformity assessment routes and harmonised-standard conditions.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for when harmonised standards take effect and what they support.<br>[European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for OJEU-cited harmonised standards required for presumption of conformity. |
| Evidence | RED evidence should include technical documentation, risk analysis, applied standards or other technical specifications, tests, EU DoC, CE basis, and any EU-type examination or quality-assurance records. | ETSI EN 303 645 evidence should remain a security-control evidence set unless the RED file explains how each item supports a specific RED essential requirement. | Keep a bridge table with columns for RED requirement, ETSI control evidence, product boundary, test date, standard status, owner, and residual gap. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Source for documenting applied standards and technical specifications.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards providing technical detail rather than ETSI certification. |
| Timing | RED cybersecurity requirements activated by Delegated Regulation (EU) 2022/30 apply from 1 August 2025 after the amendment made by Delegated Regulation (EU) 2023/2444. | ETSI EN 303 645 evidence should be refreshed when the assessed product, software, service dependency, vulnerability process, or claimed standards status changes. | Plan RED cybersecurity testing, supplier evidence, and conformity-route decisions against the 1 August 2025 application date, not only against internal security-assurance cycles. | [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Source for release and compliance calendar planning.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards use and OJEU citation context. |
| Enforcement and market surveillance | RED enforcement is handled by market-surveillance authorities in each Member State under Regulation (EU) 2019/1020. Non-compliant radio equipment can be subject to corrective action, withdrawal, recall, and prohibition orders, and persistent infringement can lead to administrative or criminal penalties under national law. | ETSI EN 303 645 has no direct enforcement authority. Non-compliance with an EN 303 645 control assessment does not itself constitute a RED infringement unless the standard has been cited in the Official Journal and is being relied on for a presumption-of-conformity claim. | Document the enforcement route clearly: which national MSA has jurisdiction, which Article 3 requirements are relevant, and whether OJEU-cited harmonised standards support the conformity claim so the authority response file is accurate from the start. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for market-surveillance and authority-cooperation duties.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards limits and the absence of ETSI enforcement authority.<br>[European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for checking RED harmonised-standard references before relying on presumption of conformity. |
| Overlap and reuse | RED technical documentation can incorporate EN 303 645 test results as supporting evidence where the assessed system boundary matches the radio equipment under review and the tested controls map to specific Article 3(3)(d), (e), or (f) requirements. | ETSI EN 303 645 control records can be reused for RED purposes only after adding a bridge note that identifies the RED essential requirement supported, the OJEU citation status of any related harmonised standard, and any residual gap requiring additional RED-specific testing or documentation. | Keep evidence reuse conditional: document the system-boundary match, the requirement mapping, the standards-status check, and the owner so a future reviewer or authority can independently verify each link without relying on undocumented project context. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for technical documentation and EU declaration evidence.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards providing technical detail rather than ETSI certification.<br>[Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for the Article 3(3)(d), (e), and (f) requirements that EN 303 645 evidence may support. |
| Decision rule | Use RED as the controlling workstream whenever the decision affects EU market placement, Article 3 essential requirements, conformity assessment, CE marking, DoC wording, or authority response. | Use ETSI EN 303 645 as supporting evidence when it strengthens the cybersecurity control record and the product boundary matches the RED equipment under review. | The defensible answer is usually not RED or ETSI EN 303 645. It is RED for the legal route, with carefully tagged ETSI EN 303 645 evidence where it actually supports the RED cyber case. | [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for legal route and market-access artifacts.<br>[ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards support and certification limits.<br>[European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for checking RED harmonised-standard references before relying on presumption of conformity. |

Sources for Scope - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Binding RED source for radio-equipment scope and market placement duties.
  - Quote: "radio equipment"

Sources for Scope - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source used here only for the role of ETSI standards; product-specific EN 303 645 scope still needs the standard text or assessment record.
  - Quote: "technical standards and specifications"

Sources for Scope - operational implication:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for legal market-access scope.
  - Quote: "placed on the market"
- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for the distinction between standards and certification.
  - Quote: "does not provide certification services"

Sources for Who must act - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for manufacturer, importer, distributor, and modified-product responsibilities.
  - Quote: "shall be considered a manufacturer"

Sources for Who must act - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards support; organizational ownership must be assigned in the product program.
  - Quote: "manufacturers and suppliers"

Sources for Who must act - operational implication:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Source for assigning legal accountability to the correct economic operator.
  - Quote: "obligations of manufacturers"

Sources for Trigger or threshold - RED:

- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for RED Article 3(3)(d), (e), and (f) activation categories.
  - Quote: "Article 3(3), point (d)"

Sources for Trigger or threshold - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards as technical specifications; EN 303 645 control details should come from the assessment record or standard text.
  - Quote: "technical detail"

Sources for Trigger or threshold - operational implication:

- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for trigger-specific RED cybersecurity mapping.
  - Quote: "protection from fraud"

Sources for Core obligations - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for Article 17 conformity assessment routes and harmonised-standard conditions.
  - Quote: "has not applied or has applied only in part"

Sources for Core obligations - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for when harmonised standards take effect and what they support.
  - Quote: "take effect when they are cited"

Sources for Core obligations - operational implication:

- [European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for OJEU-cited harmonised standards required for presumption of conformity.
  - Quote: "published in the Official Journal"

Sources for Evidence - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for technical documentation and EU declaration evidence.
  - Quote: "technical documentation"

Sources for Evidence - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards providing technical detail rather than ETSI certification.
  - Quote: "technical detail necessary"

Sources for Evidence - operational implication:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Source for documenting applied standards and technical specifications.
  - Quote: "other relevant technical specifications"

Sources for Timing - RED:

- [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Source for the amended RED cybersecurity application date.
  - Quote: "It shall apply from 1 August 2025"

Sources for Timing - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards use and OJEU citation context.
  - Quote: "cited in the Official Journal"

Sources for Timing - operational implication:

- [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Source for release and compliance calendar planning.
  - Quote: "1 August 2025"

Sources for Enforcement and market surveillance - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for market-surveillance and authority-cooperation duties.
  - Quote: "obligations of manufacturers"

Sources for Enforcement and market surveillance - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards limits and the absence of ETSI enforcement authority.
  - Quote: "ETSI does not provide certification services"

Sources for Enforcement and market surveillance - operational implication:

- [European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for checking RED harmonised-standard references before relying on presumption of conformity.
  - Quote: "summary list of titles and references"

Sources for Overlap and reuse - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for technical documentation and EU declaration evidence.
  - Quote: "technical documentation"

Sources for Overlap and reuse - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards providing technical detail rather than ETSI certification.
  - Quote: "technical detail necessary"

Sources for Overlap and reuse - operational implication:

- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for the Article 3(3)(d), (e), and (f) requirements that EN 303 645 evidence may support.
  - Quote: "Article 3(3), point (d)"

Sources for Decision rule - RED:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for legal route and market-access artifacts.
  - Quote: "essential requirements"

Sources for Decision rule - ETSI EN 303 645:

- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for standards support and certification limits.
  - Quote: "technical standards and specifications"

Sources for Decision rule - operational implication:

- [European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for checking RED harmonised-standard references before relying on presumption of conformity.
  - Quote: "summary list of titles and references"

### How should teams decide between RED and ETSI EN 303 645?

- Classify the product under RED before discussing ETSI EN 303 645 reuse.
- Map Article 3(3)(d), (e), and (f) triggers separately for connected radio equipment.
- Check OJEU citation status before claiming a harmonised-standard presumption of conformity.
- Use ETSI EN 303 645 evidence only where the assessed product boundary and RED essential requirement align.
- Keep the final RED decision in the technical file with the conformity route, owner, test evidence, and residual gaps.

Sources for the practical decision rule:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Binding RED source for the legal route.
  - Quote: "technical documentation"
- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for RED Article 3(3)(d), (e), and (f) cyber triggers.
  - Quote: "essential requirement"
- [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Source for the 1 August 2025 RED cybersecurity application date.
  - Quote: "1 August 2025"
- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - Source for standards support, OJEU citation context, and certification limits.
  - Quote: "does not provide certification services"

## What is the practical difference?

Start with RED scope. Directive 2014/53/EU applies to radio equipment and requires manufacturers to design and manufacture equipment in line with Article 3, draw up technical documentation, perform the relevant conformity assessment, issue the EU declaration of conformity, and affix CE marking before placing equipment on the market.

Then decide how ETSI EN 303 645 evidence will be used. Treat it as a control baseline or assurance input unless the team has separately verified that a relevant harmonised standard or part of a harmonised standard has been cited in the Official Journal for the RED essential requirement being claimed.

- Use RED for legal scope, economic-operator duties, conformity assessment, technical documentation, EU DoC, CE marking, and authority response.
- Use ETSI EN 303 645 evidence to support product-security controls only where the tested system boundary matches the RED product and use case.
- Do not call ETSI EN 303 645 a RED presumption-of-conformity route unless the applicable OJEU citation and covered essential requirement have been checked.

Sources for this answer:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Binding RED source for scope, essential requirements, conformity assessment, technical documentation, EU declaration, and CE marking.
- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI explains how harmonised standards support EU directives, when they take effect, and that ETSI does not provide certification services.
- [European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission page for RED harmonised standards and OJEU publication references.

## Where does RED cybersecurity apply?

Delegated Regulation (EU) 2022/30 activates RED Article 3(3)(d), (e), and (f) for specified categories of radio equipment. The rules cover network protection for internet-connected radio equipment, personal-data and privacy safeguards for listed equipment where data processing criteria are met, and fraud-protection features for internet-connected radio equipment that enables transfers of money, monetary value, or virtual currency.

Delegated Regulation (EU) 2023/2444 moved the application date to 1 August 2025 and explains that the related harmonised standards work concerns cybersecurity, namely network protection, personal data and privacy, and fraud protection.

- Check whether the device is radio equipment first; an ETSI EN 303 645 assessment does not answer RED scope by itself.
- For connected radio products, map Article 3(3)(d), (e), and (f) separately because each point has its own trigger.
- Keep the 1 August 2025 RED cybersecurity application date visible in release, test, supplier, and CE-file planning.

Sources for this answer:

- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Delegated RED cybersecurity source for Article 3(3)(d), (e), and (f) equipment categories.
- [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Delegated source changing the RED cybersecurity application date and describing the standards work.

## What evidence should be retained?

The RED file should be readable without project context. It should show the radio-equipment scope decision, the Article 3 requirement matrix, applied harmonised standards or other technical specifications, test reports, risk analysis, EU DoC, CE marking basis, notified-body material where required, and a bridge explaining any ETSI EN 303 645 reuse.

For ETSI EN 303 645, keep control evidence at the level of the assessed consumer IoT product or system boundary. Reuse it for RED only after documenting which RED essential requirement it supports and whether the applicable RED conformity route accepts that evidence without a notified-body step.

- Tag each evidence item as RED legal evidence, ETSI EN 303 645 control evidence, or shared supporting evidence.
- Record OJEU citation checks for any harmonised-standard presumption-of-conformity claim.
- Reopen the bridge note when the product configuration, software, data processing, payment feature, supplier evidence, or harmonised-standard status changes.

Sources for this answer:

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - RED source for technical documentation, EU declaration, CE marking, and conformity assessment records.
- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Delegated source for RED cybersecurity evidence scoping against Article 3(3)(d), (e), and (f).
- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - ETSI source for how standards support directives and the limits of ETSI certification claims.

*Recommended next step*

*Placement: after evidence section*

## Build a RED cyber evidence bridge

Map your connected radio product from RED Article 3(3) triggers to standards, tests, ETSI EN 303 645 controls, supplier evidence, CE-file records, and release decisions.

- [Open Research Copilot](/solutions/research-copilot.md): Check RED scope, OJEU standards status, and cyber evidence questions with cited outputs.
- [Talk through implementation](/contact.md): Review your product boundary, Article 3(3) matrix, supplier evidence, and CE-file bridge.

## Primary sources

- [Directive 2014/53/EU on radio equipment](https://eur-lex.europa.eu/eli/dir/2014/53/oj?ref=sorena.io) - Binding RED source for the legal route.
  - Quote: "technical documentation"
- [Commission Delegated Regulation (EU) 2022/30 on RED cybersecurity](https://eur-lex.europa.eu/eli/reg_del/2022/30/oj?ref=sorena.io) - Source for RED Article 3(3)(d), (e), and (f) cyber triggers.
  - Quote: "essential requirement"
- [Commission Delegated Regulation (EU) 2023/2444](https://eur-lex.europa.eu/eli/reg_del/2023/2444/oj?ref=sorena.io) - Source for the 1 August 2025 RED cybersecurity application date.
  - Quote: "1 August 2025"
- [European Commission - Harmonised standards for radio equipment](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/radio-equipment_en?ref=sorena.io) - Commission source for checking RED harmonised-standard references before relying on presumption of conformity.
  - Quote: "summary list of titles and references"
- [ETSI - Supporting European regulation](https://www.etsi.org/standards/supporting-european-regulation?ref=sorena.io) - Source for standards support, OJEU citation context, and certification limits.
  - Quote: "does not provide certification services"

## Related Topic Guides

- [Are radio kits and evaluation boards covered by the RED? | RED FAQ](/artifacts/eu/radio-equipment-directive/faq/kits.md): RED FAQ for radio kits, construction kits, amateur-radio kits, and custom-built professional R&D evaluation boards under Directive 2014/53/EU.
- [EU Radio Equipment Directive Timeline: practical guide](/artifacts/eu/radio-equipment-directive/timeline.md): EU Radio Equipment Directive guide to Timeline with scope decisions, owner actions, evidence records, source-linked citations, and practical next steps.
- [EU RED Applicability Test for Radio Equipment](/artifacts/eu/radio-equipment-directive/applicability-test.md): Decide whether Directive 2014/53/EU applies to a connected product, which RED requirements are triggered, and what evidence belongs in the technical file.
- [EU RED Common Charger FAQ: Which devices need USB-C?](/artifacts/eu/radio-equipment-directive/faq/common-charger.md): FAQ on EU RED common charger scope, 28 December 2024 and 28 April 2026 dates, USB-C, USB Power Delivery, charger unbundling, labels, pictograms, and evidence.
- [EU RED Common Charger Obligations: USB-C scope, dates, labels](/artifacts/eu/radio-equipment-directive/common-charger-obligations.md): source-linked RED common charger guide covering in-scope device categories, 28 December 2024 and 28 April 2026 dates, USB-C, USB PD, charger unbundling, labels, pictograms, and evidence.
- [EU RED compliance evidence guide](/artifacts/eu/radio-equipment-directive/compliance.md): Build a Radio Equipment Directive compliance file with Article 3 requirement mapping, harmonised-standard checks, conformity assessment evidence, EU declarations, CE marking, and RED source links.
- [EU RED Cybersecurity Product Categories: 2022/30 scope](/artifacts/eu/radio-equipment-directive/cybersecurity-delegated-act-product-categories.md): source-linked guide to RED Delegated Regulation (EU) 2022/30 product categories for Article 3(3)(d), (e), and (f), carve-outs, 1 August 2025 application, and release evidence.
- [EU RED FAQ: Scope, CE and USB-C](/artifacts/eu/radio-equipment-directive/faq.md): Answers to common EU RED questions on radio equipment scope, Article 3 requirements, cybersecurity, USB-C common charger rules, CE marking, and technical-file evidence.
- [EU RED Radio Equipment Scope: products and exclusions](/artifacts/eu/radio-equipment-directive/radio-equipment-scope.md): Decide whether a product is radio equipment under Directive 2014/53/EU, with RED scope tests, exclusions, examples, and evidence records.
- [EU RED Requirements Map: CE and Article 3](/artifacts/eu/radio-equipment-directive/requirements.md): Map Radio Equipment Directive requirements for radio products: Article 3 safety, EMC, spectrum, selected Article 3(3) duties, common charger rules, conformity assessment, CE marking, EU declaration, and technical documentation.
- [EU RED Scope and Classification](/artifacts/eu/radio-equipment-directive/scope-and-classification.md): Classify products under the EU Radio Equipment Directive with source-linked tests for radio equipment scope, exclusions, Article 3 requirement buckets, cybersecurity, common charging, and evidence records.
- [EU RED Scope Classification Workflow](/artifacts/eu/radio-equipment-directive/red-scope-classification-workflow.md): Classify products under the EU Radio Equipment Directive with a source-linked workflow for RED scope, exclusions, Article 3 requirements, standards, CE evidence, cybersecurity, and common-charger triggers.
- [RED Article 10 labelling, instructions, and restrictions](/artifacts/eu/radio-equipment-directive/article-10-labelling-and-restrictions.md): source-linked RED Article 10 guide for radio equipment labels, manufacturer contact details, instructions, DoC statements, frequency information, and use restrictions.
- [RED Article 3 requirement selection workflow](/artifacts/eu/radio-equipment-directive/article-3-requirement-selection-workflow.md): Select the right RED Article 3 branches for radio equipment: safety, EMC, spectrum, delegated Article 3(3) duties, cybersecurity, common charging, evidence, and conformity assessment.
- [RED Article 3 Requirements: Safety, EMC, Spectrum and Cyber](/artifacts/eu/radio-equipment-directive/article-3-1-3-2-and-3-3-requirements.md): Map Radio Equipment Directive Article 3(1), 3(2), and 3(3) requirements to safety, EMC, spectrum, interoperability, emergency, software, and cyber evidence.
- [RED Compliance Checklist for Radio Equipment](/artifacts/eu/radio-equipment-directive/checklist.md): source-linked RED checklist for radio equipment scope, Article 3 requirements, technical documentation, DoC, CE marking, cybersecurity, common charger, and notified-body decisions.
- [RED compliance deadlines calendar: 2016, 2024, 2025 and 2026 dates](/artifacts/eu/radio-equipment-directive/deadlines-and-compliance-calendar.md): Calendar the EU Radio Equipment Directive deadlines that affect launches: RED applicability, transition end, common charger dates, cybersecurity requirements, OJEU standards, CE marking, declarations and technical files.
- [RED conformity assessment and CE marking](/artifacts/eu/radio-equipment-directive/conformity-assessment-and-ce.md): EU Radio Equipment Directive guide to Article 17 conformity modules, notified-body triggers, technical documentation, EU declarations, and CE marking.
- [RED Conformity Assessment Template](/artifacts/eu/radio-equipment-directive/red-conformity-assessment-template.md): Template fields for documenting RED Article 3 requirements, Article 17 route selection, harmonised standards, notified-body evidence, technical documentation, EU declaration, CE marking, cybersecurity, and common-charger checks.
- [RED Cyber Compliance Workflow for Article 3(3)(d/e/f)](/artifacts/eu/radio-equipment-directive/cyber-compliance-workflow.md): A source-linked RED cybersecurity workflow for internet-connected radio equipment, privacy and data safeguards, payment-fraud features, evidence packs, and CE release gates.
- [RED Cybersecurity Delegated Act Guide | Article 3(3)(d/e/f)](/artifacts/eu/radio-equipment-directive/red-cybersecurity-delegated-act-guide.md): Practical guide to Delegated Regulation (EU) 2022/30 under the Radio Equipment Directive, covering Article 3(3)(d), (e), and (f) cybersecurity scope, 1 August 2025 application, evidence, standards, and notified-body checkpoints.
- [RED Cybersecurity Requirements for Radio Equipment](/artifacts/eu/radio-equipment-directive/cybersecurity-requirements.md): EU RED cybersecurity requirements under Article 3(3)(d), (e), and (f): scope, affected radio equipment, application date, standards, notified bodies, and evidence.
- [RED DoC and CE marking file: what to include](/artifacts/eu/radio-equipment-directive/faq/doc-and-ce.md): FAQ answer for Radio Equipment Directive declarations of conformity, CE marking evidence, technical documentation, notified-body records, and related labels.
- [RED EMC and LVD Safety Interplay for Radio Equipment](/artifacts/eu/radio-equipment-directive/emc-and-lvd-safety-interplay.md): Explain how EU RED Article 3 applies LVD safety objectives and EMC requirements to radio equipment, with evidence, test-plan, and technical-file guidance.
- [RED Harmonised Standards and Test Plans: OJEU evidence guide](/artifacts/eu/radio-equipment-directive/harmonized-standards-and-test-plans.md): Build a Radio Equipment Directive standards matrix and test plan around OJEU-cited harmonised standards, Article 3 requirements, Article 17 route triggers, and Annex V technical-file evidence.
- [RED importer obligations FAQ | Directive 2014/53/EU](/artifacts/eu/radio-equipment-directive/faq/importers.md): What importers must check before placing radio equipment on the EU market: conformity assessment, spectrum use, technical documentation, EU declaration, CE marking, traceability, instructions, restrictions, storage, corrective action, and authority cooperation.
- [RED notified body route selection under Article 17](/artifacts/eu/radio-equipment-directive/notified-body-route-selection.md): Decide when RED radio equipment can use internal production control and when Article 17 requires Annex III EU-type examination or Annex IV full quality assurance.
- [RED Notified Body Trigger Workflow: Article 17 evidence guide](/artifacts/eu/radio-equipment-directive/notified-body-trigger-workflow.md): Decide when the EU Radio Equipment Directive needs a notified body by mapping Article 3 requirements, OJEU-cited harmonised standards, Annex III EU-type examination, and Annex IV full quality assurance evidence.
- [RED penalties, fines, and enforcement actions](/artifacts/eu/radio-equipment-directive/penalties-and-fines.md): EU Radio Equipment Directive penalties guide covering Article 46, Member State penalty rules, recalls, withdrawals, formal non-compliance, and enforcement evidence.
- [RED radio modules FAQ: host product assessment](/artifacts/eu/radio-equipment-directive/faq/radio-modules.md): FAQ on how Directive 2014/53/EU treats RF modules and host products, including module evidence, final-product responsibility, Article 3 assessment, technical documentation, instructions, antennas, software, and DoC records.
- [RED SAR and RF Exposure Evidence FAQ](/artifacts/eu/radio-equipment-directive/faq/sar-and-wireless-exposure.md): What SAR and RF exposure evidence to keep under the EU Radio Equipment Directive, including Article 3(1)(a), foreseeable use, frequency, power, antenna, and standards evidence.
- [RED software update impact for radio equipment](/artifacts/eu/radio-equipment-directive/software-update-impact.md): Assess when firmware, app, and software updates can affect EU Radio Equipment Directive conformity, technical documentation, DoC, standards, and notified-body evidence.
- [RED standards not cited in the OJEU: can you use them?](/artifacts/eu/radio-equipment-directive/faq/standards-not-cited-in-ojeu.md): FAQ answer for Radio Equipment Directive products when a standard is useful but not OJEU-cited, including presumption of conformity, Article 17 route selection, and technical-file evidence.
- [RED vs Cyber Resilience Act: radio equipment cyber scope](/artifacts/eu/radio-equipment-directive/red-vs-cyber-resilience-act.md): Compare RED cybersecurity duties with Cyber Resilience Act planning for connected radio equipment, using grounded RED scope, evidence, dates, and caveats.
- [RED vs EMC Directive: when radio equipment uses RED instead of EMCD](/artifacts/eu/radio-equipment-directive/red-vs-emc.md): Compare the EU Radio Equipment Directive and EMC Directive for radio products, EMC evidence, CE marking, declarations, technical files, and scope boundaries.
- [RED vs LVD: when radio equipment uses RED for electrical safety](/artifacts/eu/radio-equipment-directive/red-vs-lvd.md): Compare the EU Radio Equipment Directive and Low Voltage Directive for radio-product safety, voltage limits, CE marking, technical files, and declarations.
- [RED vs Market Surveillance Regulation: radio equipment compliance roles](/artifacts/eu/radio-equipment-directive/red-vs-msr.md): Compare RED product conformity duties with EU Market Surveillance Regulation controls for radio equipment, online sales, responsible operators, customs holds, and evidence.
- [RED vs UK PSTI for connected radio products](/artifacts/eu/radio-equipment-directive/red-vs-uk-psti.md): Compare EU RED duties with UK PSTI planning for connected radio products: scope, actors, evidence, cybersecurity overlap, CE marking, and separate UK product-security workstreams.
- [When do RED cybersecurity requirements apply to connected radio equipment? | RED FAQ](/artifacts/eu/radio-equipment-directive/faq/cybersecurity-applicability.md): RED FAQ explaining when Article 3(3)(d), (e), and (f) cybersecurity requirements apply to internet-connected, childcare, toy, wearable, and payment-capable radio equipment.
- [Which receivers and transmitters are covered by RED? | Directive 2014/53/EU FAQ](/artifacts/eu/radio-equipment-directive/faq/receivers-and-transmitters.md): RED scope FAQ for products that intentionally emit or receive radio waves for radio communication or radiodetermination, including receiver-only products, transmitters, accessory-dependent products, and common exclusions.
- [Wi-Fi and Bluetooth Products Under the EU RED](/artifacts/eu/radio-equipment-directive/faq/wi-fi-and-bluetooth-products.md): FAQ for assessing Wi-Fi, Bluetooth, BLE and other short-range wireless products under the EU Radio Equipment Directive, including Article 3, CE, technical file, cybersecurity and notified-body triggers.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/radio-equipment-directive/red-vs-etsi-en-303-645