EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52021SC0303

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document Commission Delegated Regulation supplementing Directive 2014/53/EU of the European Parliament and of the Council with regard to the application of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of that Directive

SWD/2021/0303 final

Executive Summary Sheet

A. Need for action

Why? What is the problem being addressed?

Numerous Member States (MS) and consumer associations flagged the absence of certain security features in radio equipment connected to the internet, stressing the need to apply a minimum level of security. Unlike the Radio Equipment Directive 2014/53/EU (RED), several applicable pieces of EU legislation do not concern mandatory market access conditions of products and do not allow MS to take corrective measurements on the equipment

What is this initiative expected to achieve?

The key objective of this initiative is to allow MS to enforce that radio equipment placed on the EU market effectively supports the policy objectives (in terms of privacy, fraud protection and network security). Citizens, and professionals should be given the confidence that the products they use will have an increased level of protection. Another objective is to ensure a single market unhampered by diverging local or national regulations. These need clear and proportionate rules that are effectively and uniformly enforced across the EU

What is the value added of action at the EU level? 

The absence of enforcing measures when products are placed on the market does not allow national market surveillance authorities to verify that products placed on the EU market contain appropriate safeguards or features to minimise the risks relating to frauds, violation of privacy or misuse of the networks. The EU action will establish a level-playing field for the equipment in scope

B. Solutions

What legislative and non-legislative policy options have been considered? Is there a preferred choice or not? Why? 

The following options have been considered :

0.Baseline scenario based on existing EU legislation

1.Voluntary approach

2.Adoption of a delegated act based on Article 3(3)(e) of the RED

3.Adoption of a delegated act based on Article 3(3)(f) of the RED

4.Adoption of delegated acts under Articles 3(3) (e) and (f) of the RED

5.(Preferred) Adoption of delegated acts under Articles 3(3) (d), (e) and (f)

Who supports which option? 

·Options 0 and 1 are supported by manufacturers

·Options 2 and 3 are not supported

·Option 4 is supported by MS, consumers associations, associations of security firms as a fall-back for option 5

·Option 5 is supported by MS, consumers associations, associations of security firms

C. Impacts of the preferred option

What are the benefits of the preferred option (if any, otherwise main ones)? 

Option 5 addresses risks concerning privacy, frauds and network security which can be very costly. It will promote trust in and uptake of new digital developments

What are the costs of the preferred option (if any, otherwise main ones)? 

The costs of option 5 concern mostly manufacturers of equipment although certain technical solutions to comply with Articles 3(3)(d/e/f) can be the same. The costs of a security by design should have been already sustained because of Article 32 of the GDPR, which is already applicable

How will businesses, SMEs and micro-enterprises be affected?

SMEs showed conditional support to the initiative, at least in the only received position of their association. As this initiative concerns manufacturers of (radio) electronic and electrical products, micro enterprises are not expected to be affected. As regards business that are not manufacturers of radio equipment, they will benefit from the increased security of the equipment

Will there be significant impacts on national budgets and administrations? 

MS did not report significant impacts on their budget

Will there be other significant impacts? 

The following are impacts are hard to quantify, but can be very significant: the non-quantifiable increase in consumer trust, the savings due to an increased protection of the networks, reduced reputational damage for businesses, added value of safer products, avoiding fragmentation of the internal market and impacts of non-action on the competitiveness of EU businesses

D. Follow up

When will the policy be reviewed?

A report on the implementation of the Directive is due by June 2023. Because of a delayed date of applicability of the act, the policy will be reviewed in the report of 2028, or earlier evaluations of the Directive