Does Your IoT Equipment Need to Comply with the New EU Cybersecurity Regulations? A Manufacturer’s Guide

Before you read a NOTE: For more detailed information on the new cybersecurity regulations and how they might impact your devices, check out our comprehensive guides:


Is Your IoT Equipment Affected by the New EU Cybersecurity Regulations?

With the new EU cybersecurity regulations coming into effect on August 1, 2025, many manufacturers are uncertain whether their IoT devices fall under these new requirements. This guide will help you determine if your equipment needs to comply with Directive 2014/53/EU, specifically the essential requirements 3.3 (d), (e), and/or (f), and outline the steps you should take to achieve compliance.


Key Compliance Requirements

Directive 2014/53/EU outlines essential cybersecurity requirements in Article 3.3. Here’s how to assess if your equipment must comply:


Article 3.3(d): Internet Connectivity

  • Direct Connection: Does your device connect directly to the internet (e.g., through Wi-Fi or Ethernet)?
  • Indirect Connection: Does it connect to the internet through another device (e.g., via a smartphone or gateway)?

If your device connects to the internet in any form, whether directly or indirectly, it must comply with Article 3.3(d). This requirement ensures that all internet-connected devices meet essential cybersecurity standards.

For more details, refer to Delegated Regulation (EU) 2022/30, Article 1.1.


Article 3.3(e): Data Processing

Your device must comply with Article 3.3(e) if it processes the following:

  • Personal Data: Information that identifies an individual, as defined in Regulation (EU) 2016/679, Article 4(1).
  • Traffic and Location Data: Data used for communication or geographic tracking, as specified by Directive 2002/58/EC, Articles 2(b) and 2(c).

This requirement ensures that devices handling sensitive data adhere to privacy and security measures.

For more information, see Delegated Regulation (EU) 2022/30, Article 1.2.


Article 3.3(f): Financial Transactions

If your device facilitates payments or handles virtual currency, it must comply with Article 3.3(f). Devices involved in financial transactions must meet the rigorous security standards outlined in Article 3.3(f).

For more details, consult Delegated Regulation (EU) 2022/30, Article 1.3.


Exceptions and Derogations

Certain devices may be exempt from these requirements based on other Union legislation:

  • Articles 3.3(d), (e), and (f) do not apply to devices under Regulation (EU) 2017/745 (medical devices), as outlined in Delegated Regulation (EU) 2022/30, Article 2(a).
  • Articles 3.3(e) and (f) do not apply to equipment regulated by:
    • Regulation (EU) 2018/1139 (aviation safety),
    • Regulation (EU) 2019/2144 (vehicle safety),
    • Directive (EU) 2019/520 (electronic toll systems),
    • Regulation (EU) 2017/746 (in vitro diagnostic medical devices), as specified in Delegated Regulation (EU) 2022/30, Article 2(b).

What Should You Do Next?

To determine if your equipment needs to comply with Article 3.3(d), (e), or (f), ask yourself these questions:

  1. Does it connect to the internet, either directly or indirectly?
  2. Does it process personal OR traffic AND location data?
  3. Does it facilitate financial transactions or handle virtual currency?

If you answered “yes” to any of these questions:

  • Article 3.3(d) and/or Article 3.3(e) of the directive 2014/53/EU will apply to your device.
  • Additionally, if your device facilitates financial transactions or handles virtual currency, Article 3.3(f) will also apply.

Ensure Full Compliance Before August 1, 2025

Start preparing now to ensure your device meets all necessary regulations and avoid compliance issues. For expert guidance and support in navigating these new requirements, contact IoT Consulting Partners.

Michael Wouters Do You Have Questions?
Schedule a Free Consultation Now!
John Roording

Share and Enjoy !

This website uses cookies to ensure you get the best experience on our website.

Welcoming offer!

The most interesting  CE Radio Equipment Directive guidance documents for FREE or let us talk now!