EU RED Cybersecurity Requirements in Force: Checklist (2025)

🇪🇺 EU RED Cybersecurity Requirements (In Force 1 Aug 2025): Documentation & Obligations

New cybersecurity requirements under the European Union's Radio Equipment Directive (RED) came into effect on August 1, 2025.

These requirements will apply to all new consumer devices, particularly those with wireless communication capabilities. Existing products will not be retroactively affected, but they may be reassessed if significant security updates are made.

Exemptions from the scope can only be narrowly combined with those for devices that do not process personal data.

According to the regulation, devices placed on the market, during their final lifecycle, will be responsible for managing security risks, monitoring security vulnerabilities, and providing policies (for a minimum of five years).

Statut: Active enforcement

Learn more here

📌 What This Means for Manufacturers

• Immediately update CE documentation and conformity procedures for any newly launched wireless or IoT devices.
• Initiate cybersecurity risk assessments and maintain five-year security monitoring and policy documentation.
• Coordinate with legal and engineering to evaluate firmware update protocols and endpoint security lifecycle obligations.

🌍 EAEU Energy Efficiency & Labelling Regulation Delayed to 2028

The Council of the Eurasian Economic Commission, at Russia's request, has postponed the implementation of the EAEU technical regulation on energy efficiency for energy-consuming devices to September 1, 2028.

This delay allows for updates to document requirements and the development of necessary secondary legislation, including standards and energy efficiency labels.

Additionally, the decision establishing label forms and design rules for various energy-consuming devices has been postponed to March 1, 2028. Specific requirements in several appendices to the technical regulations have also been delayed by three years.

Statut: In effect. It will cover all energy-labelled product groups trading with Eurasian Economic Union countries. (Armenia, Belarus, Kazakhstan, Kyrgyz Republic, Russian Federation)

Learn more here

📌 What This Means for Manufacturers

• Postpone immediate compliance investments but start updating documentation pipelines aligned with expected 2028 standards.
• Monitor secondary legislation drafts — especially energy labeling templates — to avoid future redesign cycles.
• Map affected product categories and update internal roadmaps for Eurasian market entry or product updates.

🇮🇩 Indonesia Telecom Declaration of Conformity (DoC) Format Mandatory (DJID, Aug 2025)

The Indonesian Directorate General of Digital Infrastructure (DJID) has updated the Declaration of Conformity (DoC) format for telecommunications equipment and devices.

With the official letter published on July 15, 2025, the use of the new DoC format became mandatory for all new applications starting August 1, 2025. After August 31, 2025, applications submitted using the old format will no longer be accepted.

The new format aims to expedite application evaluation and standardize documents more objectively. The DoC will be written on the letterhead of the company responsible for the application and will declare the compliance of the relevant device with the Technical Standards.

Statut: In effect

Learn more here

📌 What This Means for Manufacturers

• All new product certifications after August 31 must use the updated format — legacy documentation will be rejected.
• Ensure local certification teams have updated templates and workflows by mid-August.
• Clarify document ownership within compliance, legal, or product divisions to avoid submission bottlenecks.

✅ Need help operationalizing these shifts?EcoComply’s real-time alerts and workflow automation platform keeps your compliance documentation, labeling strategies, and cybersecurity policies up to date - across markets.