WHY2025

The EU Just Made Product Security Mandatory — Now What?
2025-08-09, Andromeda
Language: English

As of August 1st, 2025, the EU’s Radio Equipment Directive enforces new cybersecurity requirements. For the first time, broad categories of everyday devices — not just critical infrastructure or niche tech — must meet mandatory security standards. This talk breaks down how we got here, why it matters, and what’s breaking in the process. We’ll look at the political and technical hurdles in rolling this out, what it means for manufacturers, and how it connects to the looming Cyber Resilience Act.


On August 1st, 2025, three new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) officially kicked in. This is the first time the EU has imposed hard security requirements on a wide range of everyday consumer products — think routers, smart watches, toys with a Wi-Fi chip, and more. This part of RED is often called RED/DA (Delegated Act), and it's a big deal: security is no longer optional.

In this talk, we'll unpack what RED/DA is actually about — how it came to be, why it was pushed through before the upcoming Cyber Resilience Act (CRA), and how that sequencing leads to some strange and messy overlaps between the two. Spoiler: it’s a political and regulatory patchwork.

We’ll look at how standardization efforts around RED/DA have developed, but also at how many manufacturers are still figuring out how best to comply, while market surveillance authorities are navigating their own challenges — often working with limited tools, guidance, or resources.

On top of all this, RED/DA is in reality just a warm-up for the main event: the Cyber Resilience Act. We’ll take a look at what CRA brings to the table, what the current state of standardization looks like there, and what kinds of challenges are already popping up on the horizon. If you’re building, selling, or securing connected products in the EU, or are just curious about how regulation is reshaping product security, this talk will give you a clear picture of what’s going on and what’s coming next.

Piet De Vaere works on product security and secure system design. He runs a small consultancy, Product Security Guru GmbH, helping companies meet cybersecurity requirements and design more secure connected products. He’s especially involved with the EU Cyber Resilience Act and supports organizations in interpreting and applying it.

Piet holds a PhD from ETH Zurich and teaches Network Security at the same university. His research focuses on embedded systems, industrial networks, and practical security challenges in connected devices.

He also participates in standardization efforts related to EU cybersecurity policy, particularly the Cyber Resilience Act.
