REGULATION/COMPLIANCE
RED DA beefs up UC cybersecurity defences
The EU’s latest directive on radio equipment cybersecurity impacts UC solutions sold in the EU. UC Advanced explores how resellers of UC and connectivity devices in the EU and UK are affected.
The European Union (EU)’s latest addition to the Radio Equipment Directive (RED) 2014/53 mandates that certain types of radio equipment – including many of the wireless devices used in unified communications solutions – upgrade their cybersecurity defences. That means resellers and distributors have a duty to be certain that any new wireless products they sell have built-in capabilities such as DoS protection, encryption, authentication, access controls, network traffic monitoring, and secure storage for example. The RED Delegated Act (EU 2022/30) came into force for all connected radio equipment sold in the EU, regardless of their origin, on 1 August 2025. Its scope extends to any device which can independently establish an autonomous connection with the Internet (the IP protocol is specified), whether the device actually uses that capability or not. That includes the smartphones, laptops, tablets, cameras, wireless headsets and network infrastructure equipment (WiFi routers and access points) which are often used by UC solutions, as well as things like consumer IoT products, industrial control systems (ICS), baby monitors and smartwatches.
networks, end users and private from cyber threats. To that end the harmonized regulation enforces the essential requirements of the original RED 2014/53/ EU directive – namely article 3.3(d) which mandates that radio equipment must not hard the network or its function, nor misuse network resources; 3.3(e) which insists on the incorporation of safeguards to ensure the personal and privacy of the user and subscriber are protected; and 3.3(f) which demands features to protect against fraud. RED DA establishes three separate standards aligned to those three articles. The first is EN 18031-1 for network protection, designed to ensure that devices prevent harm to network infrastructure, avoid disruptions and mitigate against resource misuse (eg DoS attacks and unauthorized access). Elsewhere EN 18031-2 covers data protection and focusses on safeguarding personal data and user privacy through encryption, robust authentication, and controls against unauthorized access or interception. Of less relevance to UC solutions is EN 18031-3, because it applies to radio devices that process virtual currencies and associated transactions. As such it’s primarily designed to address the risks of unauthorized payments through the implementation of secure transaction protocols, fraud detection mechanisms and protection against payment system
Its scope extends to any device which can independently establish an autonomous connection with the Internet (the IP protocol is specified), whether the device actually
uses that capability or not.
Prioritise network and data protection
The motivation behind RED DA is to prioritise the protection of company
52
Powered by FlippingBook