The RED cyber DA is repealed: the CRA takes over on 11 December 2027 Featured
CRA Conformité CE Cybersécurité Directive RED EN 18031

The RED cyber DA is repealed: the CRA takes over on 11 December 2027

Commission Delegated Regulation (EU) 2026/339, published in the Official Journal on 29 April 2026, repeals Delegated Regulation (EU) 2022/30 with effect 11 December 2027 — the date of full CRA application. There will be no regulatory double-obligation: radio equipment manufacturers who have been working toward EN 18031 compliance since August 2025 are covered until that date, and the CRA takes over exclusively. What the repeal resolves, what it does not, and how to sequence the transition.

 1 May 2026  6 min
CRA and the Radio Equipment Directive (EN 18031): mapping synergies for radio equipment manufacturers
CRA Conformité Cybersécurité Directive RED EN 18031 EN 304 632

CRA and the Radio Equipment Directive (EN 18031): mapping synergies for radio equipment manufacturers

Since August 2025, manufacturers of internet-connected radio equipment are subject to the cybersecurity requirements of the Radio Equipment Directive (EN 18031-1/2/3). Many believe this work covers most of their CRA obligations. That is not entirely wrong, but it is incomplete. This article maps precisely what EN 18031 delivers for CRA purposes, what it does not cover, and what the conformity assessment module question (dependent on vertical standard harmonisation) changes operationally for connected security product manufacturers.

 1 May 2026  13 min
All ANFR Annexe III Article 14 CRA CVD Conformité Conformité CE Contrôle de marché Cybersécurité DDADUE DGCCRF Directive Machines Directive RED Dossier technique Due diligence EN 18031 EN 304 632 Firmware Gestion des vulnérabilités Marquage CE PSIRT SBOM Surveillance du marché