RED Directive: The Cybersecurity Compliance Countdown – Part 9

Tags:

Closeup women eye being futuristic vision for biometric authentication to unlock security, digital technology screen over the eye vision background, security and command in the accesses. Surveillance and safety concept

15 Jul 2025

Lessons Learned & What’s Next

After months of preparation, testing, documentation, and last-minute refinements, the RED cybersecurity compliance deadline has arrived. For manufacturers who started early, this marks a significant achievement. But for those still scrambling, it’s a wake-up call about the increasing complexity of cybersecurity regulations.

Now that the first phase of compliance is behind us, what key lessons can we take away – and what comes next for cybersecurity in connected devices?

Key Takeaways from the RED Compliance Process

Proactive Compliance Pays Off
Companies that approached compliance as an ongoing strategy, rather than a last-minute hurdle, navigated the process more smoothly. Those that invested early in security testing and documentation avoided delays, while late adopters faced bottlenecks and rushed fixes.
Testing & Documentation Are the Biggest Stumbling Blocks
One of the most common reasons for certification failure was insufficient cybersecurity testing or missing documentation. Many manufacturers underestimated the depth of testing required– especially penetration testing – and struggled to provide comprehensive technical files.
Regulatory Alignment is Key to Future Success
RED is just the beginning. The Cyber Resilience Act (CRA) and evolving international cybersecurity regulations will soon impose even stricter Companies that aligned with both RED and CRA from the start now have a head start in long-term cybersecurity resilience.

What’s Next? The Future of Cybersecurity Compliance

CRA will expand security obligations beyond radio devices to all connected products. Expect mandatory security updates, vulnerability reporting, and stricter software supply chain requirements.
AI and IoT Security Regulations are on the horizon, with new guidelines for AI-driven devices and increased scrutiny on connected medical devices, smart homes, and industrial systems.
Stronger Global Standards are emerging, with regions outside the EU adopting similar cybersecurity frameworks. Manufacturers exporting to the U.S., Japan, or Australia should anticipate overlapping regulations.

Final Thought

Compliance is not a one-time achievement but an ongoing process. Companies that embed cybersecurity into their design, development, and post-market strategies will not only meet regulations but also build trust with consumers and stakeholders.

RED compliance may be done for now, but the cybersecurity journey is far from over. The question isn’t just “Are you compliant today?” but “Are you ready for what’s next?”

Joakim Mark

Technical Manager

Joakim Mark joined Intertek in 2021 as the Technical Manager for the Common Criteria Lab in Kista, Sweden, progressively expanding his role as lab manager and member of the IoT cybersecurity team in Kista, Sweden. Overall, Joakim brings more than 30 years of IT industry experience spanning both technical and strategic roles.