RED DA & CRA – Prepared?

RED DA & CRA - Vorbereitet

RED DA & CRA – Prepared? On August 1, 2025, the RED DA (Radio Equipment Directive Delegated Act) will become active and all devices connected in the IoT must comply with EN18031 – with only a few exceptions. The RED DA thus initiates the transition phase until the Cyber Resiliance Act (CRA) comes into law in the EU at the end of 2027.

Your company is probably already preparing for this, so here is a brief overview of how we as Ineltek, together with our partners, can support you on this final stage.

Starting point & support for the implementation of RED DA and CRA

In recent years, there has been an increasing number of attacks on networked infrastructure worldwide. IoT devices have become a major target in this context. These devices – usually equipped with efficient rather than high-end computing power – require special attention. As an endpoint “on the edge”, IoT devices often provide a direct attack vector for hackers. However, in order to offer the actual added value associated with the IoT, these devices must be connected to an central infrastructure and be able to use server services. This connection is often realized via an app on a standard smartphone as a gateway.

Based on this situation, requirements have been defined in Article 3.3. d, e, f of the RED in order to prevent prominent global events such as the Mirai Bot Net (2016) in the future. These new articles, which must be considered and verified in the products from August 1, 2025. They essentially address

Article 3.3 d

Improving Network Security

Article 3.3 e

Privacy of the user/consumer

Article 3.3 f

Reduction of Fraud Risk

Get your products compliant with EN18031

The process defined in the regulation describes many details that we do not want outline in detail here. But after all, it is about determining the possible risks for the device in the IoT application (e.g. through penetration tests) and developing and implementing defensive measures on this in hardware and software. Once this has been completed, detailed documentation must be created which enables a certification to be achieved.

Our partner CyberWhiz described this in detail in a recent webinar alongside a presentation of how CyberWhiz solutions can help you to complete this process in an optimal, efficient and timely manner.

Webinar Recording!

Watch our CyberWhiz webinar on the challenges & regulations in cyber security on YouTube

hier.

Harden your device with hardware security solutions

Secure memory ICs and secure elements, which consist of a secure memory and provide additional functions for key & certificate management as well as authentication, play a central role in significantly increasing protection against hacking in embedded electronics. These ICs offer protection in hardware against being read out even if the package is opened. In addition they have integrated peripherals to prevent, for example, that the power consumption allows conclusions about the internal calculations and much more.

Especially for consumer devices that are freely available for sale and hackers can easily gain physical access to them, this kind of protection is essential to protect keys, certificates and other secrets relating to the infrastructure of the IoT application.

Our partners SealSQ and Winbond offer the right products for this – some with a PKI solution for easy integration into your application.

SealSQ, a subsidiary of WISeKey International Holding Ltd. is based in Switzerland and offers provisioning services and certificates in addition to the hardware solutions mentioned here. As a root-of-trust in the heart of Europe, WiseKey offers an independent alternative in times of geopolitical tensions worldwide.

The VaultIC family from SealSQ secures your IoT devices. These ICs are offered with the turnkey PKI for IoT INeS to make integration into your applications as easy as possible.

You can find out more about the popular derivative VaultIC292 here.

SealSQ also offers TPM solutions that already support post-quantum cryptography (PQC). We would be happy to talk to you directly about the details of how security can now be ensured in system-relevant areas beyond the IoT.

The Taiwanese manufacturer Winbond has been developing and producing memory ICs in NOR, NAND and DRAM technology since the mid-1980s. The W77Q and W77F secure flash memory are an important product group.

To meet the requirements of the RED DA, the W77Q flashes offer a crucial advantage. Firstly, they are function and PIN compatible with the standard W25Q flash and thus enable an existing application to be upgraded directly via drop-in. They offer an EAL 2+ security level and are ideal for meeting the requirements of ISO18031.

The W77F series meets the highest security requirements for e.g. gateways or as memory on larger processors for which secure code execution must be guaranteed.

You can find details on both families in our product introduction here.

RED DA & CRA – Prepared? Talk to us about the possibilities in hardware & software as well as development support for a successful certification of your products according to EN18031 by August 01, 2025! Talk to us directly or send us an inquiry here

Contact Print Go Back Top