MOBILITY ENGINEERING Produced by SAE Media Group
MOBILITY ENGINEERING
Magazines
Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Document cover
White PaperTest & Measurement

Understanding the Cyber Security requirements for RED, PSTI & CRA

SPONSORED BY:

On 1st August 2025, mandatory cybersecurity compliance comes into effect for products sold in Europe under the Radio Equipment Directive (RED). This change will require manufacturers to ensure that both new and existing products are compliant. This is part of a larger legislative transition for product cyber security requirements, including the 2022 and 2024 Product Security and Telecommunications Infrastructure (PSTI) regime and the upcoming Cyber Resilience Act (CRA), which comes into force in 2027.

In this whitepaper, Element’s radio experts, Alex Toohie and Michael Derby, unpack the cybersecurity regulatory landscape, the new mandatory requirements in the RED and PSTI, how manufacturers need to prepare to ensure compliance from 1st August 2025, and the upcoming CRA regulations.

Topics:
Cybersecurity FDA Compliance/Regulatory Affairs Test & Measurement Wireless Technologies

Don't have an account?

Overview

The white paper discusses the evolving landscape of cyber security legislation aimed at enhancing the security of connected products. It highlights three key pieces of legislation: the UK’s Product Security and Telecommunications Infrastructure Act (PSTI Act) and its accompanying regulations, the EU’s Delegated Regulation under the Radio Equipment Directive (RED), and the Cyber Resilience Act (CRA).

The PSTI Act, enacted in 2022, and the PSTI Regulations, introduced in 2024, establish a framework for manufacturers to ensure their products are secure against cyber threats. The EU’s RED, effective from August 1, 2025, mandates compliance with new cyber security requirements, while the CRA, set to come into force in stages from September 2026 to December 2027, introduces mandatory reporting obligations for manufacturers regarding vulnerabilities.

The paper outlines the types of cyberattacks that these regulations aim to mitigate, including unauthorized access to secure networks, the formation of botnets using IoT devices, and the theft of personal data through connected devices. It emphasizes the importance of designing products with security in mind, ensuring they are free from known vulnerabilities, and providing mechanisms for updates and secure data handling.

To assist manufacturers in navigating these complex requirements, the paper details the services offered by Element, including advisory services for compliance strategy, cyber security testing, and certification against relevant standards. Element’s expertise aims to simplify the compliance process, ensuring that manufacturers can effectively meet the new legislative demands.

Overall, the white paper serves as a crucial resource for manufacturers, outlining the legislative landscape, the importance of cyber security in product design, and the support available to achieve compliance in an increasingly regulated environment.