In a move to ensure a comprehensive and well-prepared transition, the European Commission has announced the postponement of the entry into force for cybersecurity requirements outlined in the Radio Equipment Directive.
Published on July 20th, 2023, the Delegated Regulation amends the Regulation (EU) 2022/30, responding to feedback received during the consultation period. Notable revisions include:
- New Implementation Date: The essential requirements for radio equipment, as stipulated in Article 3(3), points (d), (e), and (f), will now come into effect on August 1st, 2025, providing stakeholders with additional time to ensure compliance and readiness.
- Amendment in Language: Article 1(2) of Delegated Regulation (EU) 2022/30 sees a linguistic refinement, replacing the conjunction “AND” with “OR” in the context of traffic data and location data, clarifying regulatory language for enhanced understanding.
While these adjustments mark a delay in the cybersecurity requirements, the remainder of Delegated Regulation 2022/30 and the applicability of requirements within the Radio Equipment Directive remain unaltered.
Impact Assessment:
- Type Approval: Cybersecurity requirements under the Radio Equipment Directive are postponed, providing companies with an extended timeline for compliance readiness.
- Spectrum: No direct impact on spectrum allocation.
- Imports: Import regulations remain unaffected.
- Standards: No changes to existing standards.
- Product: Notably, Internet-connected devices and IoT products are among those impacted by the revised implementation timeline.