RED DA and beyond: how to prepare for new cybersecurity regulations
19.03.2025
15:00 - 16:00 GMT (London)
11:00 - 12:00 EDT (New York)
IoT device designers must remain informed on new cybersecurity regulations to ensure they continue to comply with evolving legal landscapes. Civic authorities around the world are working to ensure that connected devices not only meet functional safety requirements, but also integrate stringent cybersecurity protections, in response to the growing threat of cyberattacks. Among the most significant new cybersecurity regulations for 2025 are the Radio Equipment Directive Delegated Act (RED DA), the Cyber Resilience Act (CRA), the US Cyber Trust Mark, and the Connected Vehicle Regulation.
The EU's RED DA adds to the Radio Equipment Directive's specific requirements on cybersecurity aimed at improving network security and protection of user data accrued through connected radio devices, to prevent fraud and other abuses. The cybersecurity requirements of RED DA will become mandatory on 1 August 2025 and applies to all radiofrequency devices that can communicate autonomously via the internet, either directly or via other devices, requiring some products placed in the EU market to be adapted to remain legal.
The CRA is another new cybersecurity regulation from the EU, which requires that products are designed with built-in cybersecurity features, and aims to secure the integration of connected devices into critical infrastructure. Under the CRA, manufacturers must provide security features that reduce risks, including regular security patches and timely updates, and compliance will be required from 2027. The US Cyber Trust Mark has similar requirements, though at present compliance will not be mandatory for deployment in the US, but can be used to promote cybersecurity credentials.
Compliance with the US Connected Vehicle Regulation however will be mandatory by 2027 for software and 2030 for hardware, and will impact all connected vehicles and aftermarket telematics sold in the US - SBOMs, HBOMs and supply chain visibility will all be required. Similarly, the US Food and Drug Administration has updated its guidance on cybersecurity for medical devices, emphasizing the importance of a Secure Product Development Framework (SPDF) and the inclusion of SBOMs in premarket submissions. To learn more about how new cybersecurity regulations could affect your project – and how we can help you prepare and ensure compliance to future-proof your device – join our expert-led webinar which will include opportunities for Q&A.
Please note: if you add this Masterclass to your calendar, you will still need to register for this event
Add to calendar
Add to your preferred calendar below:
Please be aware that you will still need to register for this Masterclass.
Speakers
Tomaz Petaros
Tomaz has set up and lead a worldwide sales team in the medical science market, supporting double-digit growth. He has also led an electronics manufacturing company for about eight years, bringing it from deep red numbers back to profitability by improving production processes and introducing new wireless technologies in the product portfolio. He also has entrepreneurial experience in developing technology for mobile telecommunication devices, phones and data modules.
Job title:
Product Manager IoT, EMEA
Company:
Quectel
Seungryoul Yoon
Seungryoul Yoon’s impressive career in technology spans three decades and three continents. A certification specialist, Seungryoul is currently responsible for taking care of the company’s module certification and supporting its customer end device certification.
Job title:
Certification Director (North America)
Company:
Quectel
Agenda
An overview of RED DA and other new cybersecurity regulations
How to prepare for new cybersecurity regulations
What we can do to help you prepare for new cybersecurity regulations