The European Commission has adopted a delegated act under the Radio Equipment Directive(1) that lays down new legal requirements for the cybersecurity of wireless devices including mobile phones, tablets, baby monitors, smart watches and fitness trackers. The intention is to:

  • improve network resilience – through features that avoid harming communication networks and prevent devices from being used to disrupt the functionality of websites or other services;
  • ensure better protection of consumer privacy – through features to guarantee the protection of personal data; and
  • reduce the risk of monetary fraud – through features to minimise the risk of fraud when making electronic payments.

The Commission has also published accompanying Q&As information on the delegated act.

If no objections are raised during a two-month scrutiny period, the act will be published in the Official Journal of the European Union and will come into force, with compliance required from around mid-2024. The act will apply to in-scope products for the EU market. It is intended that the act will also be complemented by a Cyber Resilience Act that will cover more products and will extend to their entire life cycle.

For further information on this topic please contact Lizzie Charlton, Philip James or Sara Ellis at Eversheds Sutherland by telephone (+44 20 7919 4500) or email ([email protected], [email protected] or [email protected]). The Eversheds Sutherland website can be accessed at


(1) 2014/53/EU.