Skip to content
EU

EU to Repeal RED Cybersecurity Delegated Regulation as CRA Takes Over in 2027

The European Commission has announced that the RED Cybersecurity Delegated Regulation (EU) 2022/30 will be repealed on 11 December 2027, aligning with the full application of the Cyber Resilience Act (CRA). This shift is intended to eliminate overlapping cybersecurity requirements and move toward a single, consistent EU-wide framework for digital product security.

Why This Matters?

The CRA introduces broad, horizontal cybersecurity obligations that already cover the same areas addressed by the RED cybersecurity provisions. Consolidating these requirements under the CRA creates greater regulatory clarity for manufacturers and ensures a more unified approach to cybersecurity across all products with digital elements. Until 10 December 2027, radio equipment placed on the EU market must still comply with the existing RED cybersecurity rules.

What Happens After 11 December 2027?

From this date forward, the CRA becomes the primary legal framework for cybersecurity requirements in the EU. Radio equipment previously covered under RED cybersecurity rules will fall fully under the CRA’s expanded obligations, which include secure‑by‑design principles, vulnerability handling processes, updated technical documentation, and lifecycle‑long security responsibilities.

What Manufacturers Should Do Now?

  • Assess and categorize your product portfolio to understand whether each device falls under RED requirements during the transition or will be regulated under CRA obligations.
  • Update compliance processes, such as risk assessments, documentation, and security-by-design practices to align with CRA standards.
  • Follow upcoming EU guidance, implementing acts, and harmonized standards, which will shape the practical roadmap to CRA compliance leading up to 2027.

For any questions, clarifications, or further information regarding this consultation, please contact: Sofilyx Compliance

Section Title

Canada ISED Updates Technical Requirements for 21.2–23.6 GHz Fixed Radio Systems

Canada updates SRSP-321.2 with expanded spectrum, new bandwidths, and improved technical...

Belize Updates National Spectrum Allocation Plan for 2026

Belize updates its spectrum plan to boost connectivity, innovation, and efficient frequency use...

Brazil ANATEL Updates Technical Rules for Mobile Signal Boosters

ANATEL updates technical rules for indoor signal boosters to improve connectivity and prevent...

Togo Adopts New National Frequency Plan

Togo improves spectrum management with a new national plan supporting connectivity and innovation...

Vietnam Updates Product Certification Rules (Circular No. 14/2026/TT-BKHCN)

Vietnam’s Circular No. 14/2026/TT-BKHCN introduces a modern, risk-based approach to product...

FCC Offers Faster Certification for Products Tested in Trusted Labs

The FCC introduces new rules to accelerate certification for products tested in trusted labs while...

European Commission to Repeal Cybersecurity Regulation (EU) 2022/30 by 2027

The European Commission has confirmed the repeal of Delegated Regulation (EU) 2022/30 through...

Indonesia Regulation No. 8 of 2026: Radio Spectrum Allocation Update

Indonesia has introduced Regulation No. 8 of 2026, updating the national spectrum allocation...

Type Approval Is Now Required for Electronic Communications Equipment in Eswatini

From April 2026, Eswatini will require valid type approval certification for all electronic...