Radio Equipment Directive (RED)
Learn how Infineon supports the essential requirements listed in Articles 3.3 (d), (e), and (f) of RED and how to navigate the legislation

Infineon is committed to enabling security for the IoT

Infineon welcomes the adoption of delegated articles 3.3 (d), (e), (f) of the Radio Equipment Directive RED (2014/53/EU) by the EU Commission.


As the industry moves to the standardization phase, which includes defining the compliance and technical requirements for the devices to support the security and privacy outcomes promoted by RED, Infineon is participating in these European standardization groups to help our customers meet the requirements and plan for future success.

About the Radio Equipment Directive

  • RF-enabled devices that are sold in the European Union must comply with the RED security and privacy requirements from August 1, 2024. 
  • The Radio Equipment Directive 2014/53/EU updated security and privacy articles 3(3)(d,e,f) was adopted on October 29, 2021 by the EU Commission 

Applicability and Targets:

  • Network Protection article 3(3)d - all radio equipment that can communicate itself (directly or indirectly) over the internet
  • Privacy protection article 3(3)e - all radio equipment capable of processing personal data
    a) internet-connected radio equipment,
    b) childcare and toys (Directive 2009/48/EC9) radio equipment
    c) wearable radio equipment
  • Fraud protection article 3(3)f – all internet-connected radio equipment used to transfer money, monetary value or virtual currency

Devices must comply with the RED security and privacy requirements from August 1, 2024 if they are RF-enabled devices and sold in the European Union. The transition by mid-2024 allows device makers over 30 months to comply.

Examples of security and privacy functionality required to be fulfilled by a RED compliant equipment

“*examples of requirements listed here are not exhaustive”

In lieu of Article 3(3)(d) of Directive 2014/53/EU for network protection

In lieu of Article 3(3)(e) of Directive 2014/53/EU for privacy protection

In lieu of Article 3(3)(f) of Directive 2014/53/EU for fraud protection

-secured by default and by design

-provided with up-to-date software and hardware that do not contain known security vulnerabilities, at the moment of placing on the market

-designed to mitigate the effects of ongoing denial of service attacks

-protect stored, transmitted, received or otherwise processed access data against unauthorized storage, processing, access or disclosure

-protect stored, transmitted, received or otherwise processed access data against unauthorized destruction, loss or alteration or lack of availability

-protect stored, transmitted, received or otherwise processed personal data against accidental or unauthorized storage, processing, access or disclosure

-ensure that authorized persons, programs or machines are able only to access the personal data, to which their access rights refer

-implement routines suitable for its installation and configuration, avoiding potential unintended security flaws

-perform software or firmware integrity check during system startup, being able to alert the user in cases of compromised integrity

-implement secured connection

-protect stored, transmitted, received or otherwise processed financial or monetary data against unauthorized storage, processing, access or disclosure

-ensure appropriate access rights to the financial or monetary data

-provided with up-to-date software and hardware that do not contain known security vulnerabilities, at the moment of placing on the market

 

Infineon’s Security Solutions for the connected world

Explore some of Infineon’s security products

PSoC™ Microcontrollers

Click here

OPTIGA™ embedded security solutions

Click here

SECORA™ security solutions

Click here