
But Doesn’t the RED Directive Already Cover This?

  • spotcom
  • Aug 11
  • 2 min read

When discussing cybersecurity for industrial radio equipment, one of the first questions we hear is:

"But doesn’t the Radio Equipment Directive (RED) already take care of that?"

The short answer is: Not entirely.


RED and Cybersecurity – What It Does

The RED Directive, specifically Articles 3(3)(d), (e), and (f), sets important baseline requirements for ensuring radio equipment incorporates safeguards to protect personal data, privacy, and networks from harm. It’s an essential piece of the puzzle, and it’s a step forward in acknowledging that connected devices must also be secure devices.


The recent delegated acts under RED bring cybersecurity considerations into scope, focusing on:

  • Ensuring devices don’t harm networks

  • Protecting personal data and privacy

  • Reducing the risk of fraud


These measures apply broadly to all radio equipment and provide a foundation for compliance.


Where RED Falls Short for Industrial Radio

However, RED is not a complete assurance framework for the specific, high-stakes needs of industrial radio systems. These systems often control critical infrastructure such as utilities, manufacturing processes, and transport operations — where a compromise could have severe operational and safety consequences.


RED is compliance-focused: it ensures products meet essential requirements at the point of placing them on the market. But it does not:


  • Provide ongoing operational assurance once deployed

  • Offer graduated security levels to match the risk profile of different applications

  • Include scenario-based penetration testing specific to industrial use cases

  • Map directly to national critical infrastructure security frameworks such as the NCSC’s Cyber Assessment Framework (CAF)


How SIR Certification Complements RED

SIR Certification builds on RED compliance, adding layers of testing, evaluation, and assurance that address operational risks and sector-specific vulnerabilities.

  • Three Levels of Certification: From baseline to advanced protection, matched to system criticality

  • Operational Testing: Verification under real-world RF conditions, not just lab-based compliance

  • Framework Mapping: Alignment with CAF and other national security guidelines to help organisations demonstrate resilience to regulators and insurers

  • Continuous Improvement: Encouraging periodic re-assessment to address evolving threats


In short, RED is the entry ticket for safe market access, but SIR Certification is the ongoing passport to resilience in the face of growing RF-borne cyber threats.


If RED is the lock on your front door, SIR Certification is the security system, CCTV, and insurance policy that together keep your critical operations safe.

 
 
 


 

© 2025 Spotcom Ltd. All rights reserved.
SIR Certified™ and its associated certification levels are trademarks of Spotcom Ltd.
The name, logo, and certification marks are protected under UK intellectual property law.
Unauthorised use, reproduction, or distribution of these marks is strictly prohibited.
You are welcome to share or reference this content for awareness or educational purposes, provided attribution to Spotcom Ltd. is maintained and the material is not altered or misrepresented.

 
