Cybersecurity — RED Art. 3.3(d)(e)(f) + EN 18031 (Mandatory from 1 Aug 2025) — Wireless / IoT device (China → European Union (RED 2014/53))?

RED Art. 3.3(d)-(f) cybersecurity requirements, activated by Delegated Regulation (EU) 2022/30 and mandatory from 1 August 2025, represent the largest new compliance gap for Chinese Wi-Fi/IoT devices entering the EU. EN 18031-1/2/3 are the harmonised standards. No Chinese regulatory equivalent exists. Manufacturers must conduct a firmware/hardware gap assessment and implement security controls before EU market placement from 1 August 2025 onward.

EMC — RED Art. 3.1(b) + EN 301 489 Series — Wireless / IoT device (China → European Union (RED 2014/53))?

RED Art. 3.1(b) EMC compliance for Wi-Fi/Bluetooth devices requires EN 301 489-1 + EN 301 489-17 testing. Chinese GB/T 9254.1 / GB/T 17618 reports do not satisfy this pathway. While emission limits are broadly aligned, radio-specific test procedures and immunity levels must be verified under the EN 301 489 framework. EU-accredited laboratory re-testing is required.

Market Access — CE Marking, EU Authorised Representative, RoHS — Wireless / IoT device (China → European Union (RED 2014/53))?

CE marking under RED is mandatory for Wi-Fi/IoT devices entering the EU. Neither SRRC approval nor CCC substitutes for CE. An EU Authorised Representative is a hard legal gate for Chinese manufacturers without an EU importer. RoHS 2 compliance is a parallel mandatory obligation. Manufacturers should plan 3–6 months for the complete EU RED certification process.

Radio Performance — RED Art. 3.2 (EN 300 328 / EN 301 893) — Wireless / IoT device (China → European Union (RED 2014/53))?

RED Art. 3.2 radio performance is the defining mandatory requirement for Wi-Fi and Bluetooth devices entering the EU. EN 300 328 (2.4 GHz) and EN 301 893 (5 GHz) are the harmonised standards. Chinese SRRC approval does not substitute. 5 GHz access points must additionally demonstrate DFS compliance under EN 301 893. Test reports must be generated by an EU-recognised laboratory.

Electrical Safety — RED Art. 3.1(a) + EN IEC 62368-1 — Wireless / IoT device (China → European Union (RED 2014/53))?

EN IEC 62368-1:2020+A11:2021 is mandatory for safety compliance under RED Art. 3.1(a) for Wi-Fi/IoT devices. EN 60950-1 is no longer valid. Chinese CCC tests to GB 4943.1-2022 (IEC 62368-1 2nd edition) do not cover EU A11 amendment requirements. Independent re-testing to the current harmonised standard is required for EU market access.

CROSS-STANDARD public interest · Wireless / IoT device

China-to-EU Wireless / IoT Device Compliance Gap Matrix

AI-compiled from official public sources — cross-checked by multiple AI models, not human-verified. Informational only; see disclaimer. Public-interest, source-linked comparison of common China wireless and IoT device documentation against EU Radio Equipment Directive (RED 2014/53/EU) requirements, covering radio performance, EMC, electrical safety, cybersecurity (mandatory from 1 August 2025), and market-access obligations.

Dataset 2026-06-11 Last verified 2026-06-12 5 rows

GAP MATRIX

Compliance Gap Matrix

Gap matrix
Compliance item	Common China baseline	European Union (RED 2014/53)	Gap / action	Source + verification date
Cybersecurity — RED Art. 3.3(d)(e)(f) + EN 18031 (Mandatory from 1 Aug 2025)	China has cybersecurity requirements for connected devices primarily through GB/T 15834 series and through mandatory network security requirements administered by MIIT. For IoT devices, the relevant national standards include GB/T 36951-2018 (Information security technology — IoT sensor network node security technical requirements) and GB/T 37093-2018 (Information security technology — IoT data security technical requirements). MIIT Order No. 12 (2022) on internet of things security also applies. However, these Chinese standards differ substantially in scope, methodology, and specific technical controls from the EU EN 18031 series. China does not have a direct regulatory equivalent to RED Art. 3.3(d)-(f) that requires network security as a mandatory pre-market condition for CE-equivalent approval.GB/T 36951-2018 — Information security technology; IoT sensor network node security technical requirements (SAMR/SAC) GB/T 37093-2018 — Information security technology; IoT data security technical requirements (SAMR/SAC) MIIT Order No. 12 (2022) — Administration of Internet of Things Security (MIIT)	Commission Delegated Regulation (EU) 2022/30 (published 12 January 2022, OJ L 7/8) activated RED Article 3.3(d), (e), and (f) for categories of radio equipment, making cybersecurity essential requirements mandatory. Mandatory application date: 1 August 2025 (extended from the original 1 August 2024 date by Commission Delegated Regulation (EU) 2023/2444). Applies to: internet-connected radio equipment, radio equipment that can communicate with the internet or with other equipment (Article 3.3(d)); radio equipment that processes personal data, location data, or traffic data (Article 3.3(e)); radio equipment that is a toy, childcare article, or wearable (Article 3.3(f)). The harmonised standards for these requirements are EN 18031-1:2024 (network security for internet-connected radio equipment), EN 18031-2:2024 (privacy for radio equipment processing personal data), and EN 18031-3:2024 (protection from fraud for radio equipment). These EN 18031 standards were published in the Official Journal on 20 February 2025 and grant presumption of conformity with RED Art. 3.3(d)-(f).Directive 2014/53/EU (RED), Art. 3.3(d)(e)(f) Commission Delegated Regulation (EU) 2022/30 — activating RED Art. 3.3(d)(e)(f) for internet-connected and data-processing radio equipment Commission Delegated Regulation (EU) 2023/2444 — extending mandatory application date to 1 August 2025 EN 18031-1:2024 — Radio equipment; common security requirements; Part 1: Internet connected radio equipment (published in OJ 20 Feb 2025) EN 18031-2:2024 — Radio equipment; common security requirements; Part 2: Radio equipment processing personal data (published in OJ 20 Feb 2025) EN 18031-3:2024 — Radio equipment; common security requirements; Part 3: Radio equipment for child protection and toys (published in OJ 20 Feb 2025)	This is a significant new gap effective 1 August 2025. The EU EN 18031 cybersecurity requirements have no direct Chinese regulatory equivalent that satisfies EU RED Art. 3.3(d)-(f). Specific EN 18031-1 requirements include: (1) network capability to disable network access interfaces; (2) access control mechanisms (unique per-device credentials, no universal default passwords); (3) software update mechanisms with integrity verification; (4) secure communications (encryption of data in transit); (5) minimisation of attack surface (unused ports/services disabled by default). Most Chinese Wi-Fi/IoT products sold in China are not designed or tested to these specific controls. Manufacturers must assess which EN 18031 parts apply, conduct a gap analysis against their firmware/hardware, implement required controls, and either self-certify (if harmonised standards applied in full) or engage a Notified Body. Products placed on the EU market on or after 1 August 2025 that fall within the scope of Delegated Regulation (EU) 2022/30 must comply.[INFORMATIONAL] RED Art. 3.3(d)-(f) cybersecurity requirements, activated by Delegated Regulation (EU) 2022/30 and mandatory from 1 August 2025, represent the largest new compliance gap for Chinese Wi-Fi/IoT devices entering the EU. EN 18031-1/2/3 are the harmonised standards. No Chinese regulatory equivalent exists. Manufacturers must conduct a firmware/hardware gap assessment and implement security controls before EU market placement from 1 August 2025 onward.	EUR-Lex / Official Journal of the European Union2026-06-12 · unverified
EMC — RED Art. 3.1(b) + EN 301 489 Series	In China, EMC requirements for wireless/IoT devices are primarily covered by GB/T 9254.1-2021 (Information technology equipment — Radio disturbance characteristics — limits and methods of measurement, equivalent to CISPR 32:2015) for emissions, and GB/T 17618-2015 (Information technology equipment — Immunity characteristics — limits and methods of measurement, equivalent to CISPR 24:2010) for immunity. These standards are administered by SAMR/SAC. Products subject to CCC must be tested at a CNCA-designated laboratory; otherwise voluntary testing at a CNAS-accredited lab. Chinese GB/T 9254.1 emission limits are broadly equivalent to CISPR 32 limits, but the EU EN 301 489-17 applies specific measurement conditions for radio devices (duty-cycle-adjusted emission averaging, RLAN-specific test modes) not addressed in the Chinese framework.GB/T 9254.1-2021 — Information technology equipment; radio disturbance characteristics (emissions, equivalent to CISPR 32:2015) (SAMR/SAC) GB/T 17618-2015 — Information technology equipment; immunity characteristics (equivalent to CISPR 24:2010) (SAMR/SAC)	Radio equipment must be constructed so as to protect the radio spectrum (emissions control) and ensure adequate immunity, in accordance with RED 2014/53/EU Art. 3.1(b). The applicable harmonised standard series is EN 301 489. For Wi-Fi/Bluetooth products, the relevant parts are: EN 301 489-1 v2.2.3 (Common technical requirements — general) and EN 301 489-17 v3.2.4 (Specific conditions for Broadband Data Transmission systems, i.e., RLAN/Bluetooth). Together, these two parts provide presumption of conformity with RED Art. 3.1(b) for conducted and radiated emissions, and for immunity. Limits reference CISPR 32 (emissions) and IEC 61000-4 series (immunity) via the EN 301 489 framework.Directive 2014/53/EU (RED), Art. 3.1(b) EN 301 489-1 v2.2.3 — Electromagnetic compatibility and radio spectrum matters; common technical requirements EN 301 489-17 v3.2.4 — Specific conditions for broadband data transmission systems (RLAN / Bluetooth)	While the underlying emission limits of GB/T 9254.1 and EN 301 489-1/17 are broadly aligned (both trace to CISPR), Chinese test reports cannot be directly substituted for EU RED EMC compliance because: (1) EN 301 489-17 applies radio-device-specific duty-cycle averaging and RLAN test modes absent from GB/T 9254.1; (2) EU immunity testing under EN 301 489-1 follows a specific set of IEC 61000-4 severity levels that may differ from Chinese product test configurations; (3) EU conformity assessment under RED requires the test report to reference the harmonised EN, not the Chinese GB equivalent. Fresh testing at an ILAC MRA-member or EU-accredited laboratory to EN 301 489-1 + EN 301 489-17 is required.[INFORMATIONAL] RED Art. 3.1(b) EMC compliance for Wi-Fi/Bluetooth devices requires EN 301 489-1 + EN 301 489-17 testing. Chinese GB/T 9254.1 / GB/T 17618 reports do not satisfy this pathway. While emission limits are broadly aligned, radio-specific test procedures and immunity levels must be verified under the EN 301 489 framework. EU-accredited laboratory re-testing is required.	ETSI (European Telecommunications Standards Institute)2026-06-12 · unverified
Market Access — CE Marking, EU Authorised Representative, RoHS	In China, market access for wireless/IoT devices requires: (1) SRRC Type Approval from the National Radio Administration (NRA/MIIT) for any device incorporating a radio transmitter — mandatory before sale or import; (2) CCC (China Compulsory Certification) under CNCA-C17-01 for information technology equipment (IT equipment, including Wi-Fi routers and IoT gateways) or CNCA-C25-01 for certain telecom terminal equipment; (3) RoHS equivalent — China RoHS (Measures for Administration of the Restriction of the Use of Hazardous Substances in Electrical and Electronic Products, 2016, and the corresponding SJ/T 11363 series standards); mandatory SJ/T 11364 marking (hazardous substance disclosure label). SRRC approval is a separate licence from CCC; a product may need both. Neither SRRC nor CCC satisfies EU RED CE marking requirements.SRRC Type Approval — NRA/MIIT mandatory radio licence for wireless transmitters in China CCC — China Compulsory Certification (CNCA-C17-01 for IT equipment; CNCA-C25-01 for telecom terminals) China RoHS — Measures for Administration of the Restriction of the Use of Hazardous Substances in Electrical and Electronic Products (MIIT, 2016) SJ/T 11364-2014 — Marking for restriction of hazardous substances in electronic and electrical products (mandatory disclosure label)	Wireless/IoT devices placed on the EU market must bear the CE marking, indicating conformity with all applicable directives. For a typical Wi-Fi or Bluetooth device, applicable directives include: RED 2014/53/EU (covering Art. 3.1(a) safety, Art. 3.1(b) EMC, Art. 3.2 radio performance, and Art. 3.3(d)-(f) cybersecurity where applicable); RoHS Directive 2011/65/EU (restriction of hazardous substances in electrical and electronic equipment); and potentially the Ecodesign Regulation if the product falls within a product group with implementing measures. Non-EU manufacturers must appoint an EU Authorised Representative (EU AR) established in the EU before the first product enters the EU market, under Regulation (EU) 2019/1020 Art. 4. The EU AR's name and address must appear on the product or its packaging. An EU Declaration of Conformity (DoC) must be drawn up, retained for 10 years, and made available to market surveillance authorities on request. CE marking must be affixed to the product or its packaging before EU market placement; the marking must be at least 5 mm high.Directive 2014/53/EU (RED) — Arts. 3.1(a), 3.1(b), 3.2, 3.3(d)(e)(f) Directive 2011/65/EU (RoHS 2) — restriction of hazardous substances in EEE Regulation (EU) 2019/1020, Art. 4 — EU Authorised Representative obligation for non-EU manufacturers Decision 768/2008/EC — modular CE conformity assessment framework	Structural gaps with no direct Chinese equivalent: (1) EU Authorised Representative — Chinese manufacturers without an EU importer must appoint an EU-established AR before first EU market placement; this has no Chinese analogue; (2) EU Declaration of Conformity — must be drafted in-house by the manufacturer; CCC certificates do not substitute; (3) RoHS 2 (2011/65/EU) substance limits include ten restricted substances with specific concentration limits; while China RoHS covers similar substances, the annexes, exemptions, and scope differ; (4) CE marking format and minimum size requirements (≥5 mm) must be met; (5) RED notification obligation — for radio equipment not covered by harmonised standards, notification to the national competent authority is required under RED Art. 16. Chinese manufacturers should allow 3–6 months for the full EU RED certification process including testing, DoC preparation, and AR appointment.[INFORMATIONAL] CE marking under RED is mandatory for Wi-Fi/IoT devices entering the EU. Neither SRRC approval nor CCC substitutes for CE. An EU Authorised Representative is a hard legal gate for Chinese manufacturers without an EU importer. RoHS 2 compliance is a parallel mandatory obligation. Manufacturers should plan 3–6 months for the complete EU RED certification process.	EUR-Lex / Official Journal of the European Union2026-06-12 · unverified
Radio Performance — RED Art. 3.2 (EN 300 328 / EN 301 893)	In China, wireless transmitters (Wi-Fi, Bluetooth) must obtain SRRC (State Radio Regulation of China) Type Approval under the MIIT/SRRC framework, administered by the National Radio Administration (NRA, formerly SRRC). The primary domestic technical standard for 2.4 GHz spread-spectrum devices is YD/T 1127 (series), and for Wi-Fi equipment GB 15629.11 (equivalent to IEEE 802.11). RF power limits and channel plans differ between China and EU allocations; for example, China restricts 5 GHz outdoor use more tightly than the EU. SRRC type approval is a mandatory pre-market licence, not a self-declaration. It does not satisfy the EU RED Art. 3.2 conformity assessment pathway.MIIT/NRA SRRC Type Approval — mandatory pre-market radio licence for wireless transmitters in China GB 15629.11 — Information technology; telecommunications and information exchange between systems; LAN specific requirements; Part 11: Wireless LAN medium access control and physical layer specifications YD/T 1127 series — Mobile communication terminal radio frequency test methods (MIIT)	Radio equipment placed on the EU market must be constructed so that it effectively uses the radio spectrum and supports its efficient use, in accordance with Radio Equipment Directive 2014/53/EU Article 3.2. For Wi-Fi devices operating in the 2.4 GHz band (IEEE 802.11b/g/n/ax), the harmonised standard is EN 300 328 v2.2.2 (Wideband transmission systems — Data transmission equipment operating in the 2.4 GHz ISM band). For 5 GHz Wi-Fi (IEEE 802.11a/n/ac/ax), the applicable harmonised standard is EN 301 893 v2.1.1 (5 GHz RLAN — requirements for harmonised use). Bluetooth (Classic and BLE, 2.4 GHz) is also covered by EN 300 328. Compliance with these harmonised standards grants a presumption of conformity with RED Art. 3.2.Directive 2014/53/EU (Radio Equipment Directive), Art. 3.2 EN 300 328 v2.2.2 — Wideband transmission systems; data transmission equipment operating in the 2.4 GHz ISM band (2.4 GHz Wi-Fi and Bluetooth) EN 301 893 v2.1.1 — 5 GHz RLAN; requirements for harmonised use of 5 GHz spectrum	Chinese SRRC type approval does not satisfy EU RED Art. 3.2. Manufacturers must obtain fresh EN 300 328 / EN 301 893 test reports from an EU-accredited (or ILAC MRA-member) test laboratory. Key technical differences to address: (1) EIRP limits — EN 300 328 cap at 100 mW (20 dBm) for 2.4 GHz; (2) 5 GHz DFS (Dynamic Frequency Selection) requirement under EN 301 893 for channels 52–140, mandatory in the EU for RLAN access points; (3) Channel mask and occupied bandwidth compliance per ETSI measurement methods. A Notified Body assessment is required for RED if the manufacturer does not apply harmonised standards (self-declaration route available if harmonised EN standards fully applied).[INFORMATIONAL] RED Art. 3.2 radio performance is the defining mandatory requirement for Wi-Fi and Bluetooth devices entering the EU. EN 300 328 (2.4 GHz) and EN 301 893 (5 GHz) are the harmonised standards. Chinese SRRC approval does not substitute. 5 GHz access points must additionally demonstrate DFS compliance under EN 301 893. Test reports must be generated by an EU-recognised laboratory.	EUR-Lex / Official Journal of the European Union2026-06-12 · unverified
Electrical Safety — RED Art. 3.1(a) + EN IEC 62368-1	In China, the safety standard for information technology equipment is GB 4943.1-2022 (Information technology equipment — Safety — Part 1: General requirements), which is technically equivalent to IEC 62368-1:2018 (the second edition). It is mandatory for products subject to CCC under CNCA-C17-01 (IT equipment mandatory certification), enforced by SAMR. The Chinese standard GB 4943.1-2022 aligns with the IEC 62368-1 second edition, while the EU harmonised standard EN IEC 62368-1:2020+A11:2021 is derived from the third edition (IEC 62368-1:2018/AMD1:2020). Differences between editions and the EU-specific A11 amendment (covering certain EU-only requirements) mean that Chinese GB 4943.1-2022 CCC certification does not directly satisfy the EU RED Art. 3.1(a) conformity assessment pathway.GB 4943.1-2022 — Information technology equipment; safety; Part 1: General requirements (equivalent to IEC 62368-1:2018 2nd edition) (SAMR/CNCA, mandatory under CCC for IT equipment)	Radio equipment must be constructed so as to protect the health and safety of persons and domestic animals, and to protect property, in accordance with RED 2014/53/EU Art. 3.1(a). For audio/video, information and communication technology equipment (which includes Wi-Fi routers, IoT gateways, smart home devices, and Bluetooth accessories), the applicable harmonised safety standard is EN IEC 62368-1:2020+A11:2021 (Audio/video, information and communication technology equipment — Part 1: Safety requirements). This standard superseded EN 60950-1 (ITE safety) and EN 60065 (AV safety), both of which ceased to provide presumption of conformity on 20 December 2020. EN IEC 62368-1 adopts a hazard-based safety engineering (HBSE) approach, addressing electrical energy, thermal energy, mechanical energy, radiation, and chemical energy hazards.Directive 2014/53/EU (RED), Art. 3.1(a) EN IEC 62368-1:2020+A11:2021 — Audio/video, information and communication technology equipment; Part 1: Safety requirements (harmonised under RED and LVD)	The EU requires EN IEC 62368-1:2020+A11:2021 (third edition + EU amendment). Chinese CCC testing is conducted to GB 4943.1-2022, which tracks the second edition of IEC 62368-1. The EU-specific A11 amendment introduces additional requirements not present in the second edition or the Chinese standard. Key gaps: (1) EU A11 amendment requirements (e.g., fire enclosure clause differences, specific earthing conductor requirements); (2) Edition differences in thermal test provisions and hazard-based assessment methodology. Manufacturers must re-test to EN IEC 62368-1:2020+A11:2021 at an EU-recognised laboratory; existing GB 4943.1 CCC test reports are insufficient for EU RED Art. 3.1(a) compliance.[INFORMATIONAL] EN IEC 62368-1:2020+A11:2021 is mandatory for safety compliance under RED Art. 3.1(a) for Wi-Fi/IoT devices. EN 60950-1 is no longer valid. Chinese CCC tests to GB 4943.1-2022 (IEC 62368-1 2nd edition) do not cover EU A11 amendment requirements. Independent re-testing to the current harmonised standard is required for EU market access.	EUR-Lex / Official Journal of the European Union2026-06-12 · unverified

INFORMATIONAL ONLY

Informational only / not a certification conclusion

AI-compiled, not human-verified. This comparison is generated and cross-checked by multiple AI models from public official sources; it has not been reviewed by a named human expert and may contain errors or out-of-date items. Confirm every requirement directly with the official regulator or standards body and a qualified professional before relying on it. Nothing here is legal, certification, customs, or market-access advice.

This page is an informational comparison aid, not a certification decision, legal opinion, notified-body assessment, customs determination, or market-access approval. Exporters, importers, and distributors should verify current EU law, harmonised standards, and applicable national requirements with qualified professionals before shipment or market placement.

E-E-A-T

Named editorial review

Pending named reviewer

Official regulator, standards body, notified body, customs, or primary legal source preferred. Local PDFs are not accepted.

Editorial controls

Rows must include publisher, official URL, access date, verification flag, and last_verified before human_reviewed can be true.

SOURCES

Official-source register.

EUR-Lex / Official Journal of the European Union · accessed 2026-06-12 · unverified · used in 1 rows
ETSI (European Telecommunications Standards Institute) · accessed 2026-06-12 · unverified · used in 1 rows
EUR-Lex / Official Journal of the European Union · accessed 2026-06-12 · unverified · used in 1 rows
EUR-Lex / Official Journal of the European Union · accessed 2026-06-12 · unverified · used in 2 rows