Radio Equipment Directive (RED) for networked medical devices

Directive 2014/53/EU (Radio Equipment Directive (RED)) applies to devices that use Wi-Fi or RFID, for example. Medical devices that send a radio signal because they connect to the internet or are operated remotely also need to demonstrate conformity with the RED before being marketed.

In this article, learn more about

• which products are in scope of the Radio Equipment Directive,
• which requirements they need to meet, and
• how they can get through the conformity assessment procedure without unnecessary testing.

1. Applicability of the RED

a) What is generally considered to be radio equipment

The RED defines the term “radio equipment” in Article 2(1) No. 1:

Article 2 RED also includes precise criteria of when radio equipment comes under the Directive and when it does not. This depends, for example, on the frequency of the signal.

The RED applies to networked devices, in particular if they use Wi-Fi, Zigbee, Bluetooth, RFID, or 4G/LTE/5G. Distance measuring systems such as radars also come under the RED.

There are examples of exactly which products are in scope of the RED in 1c).

b) Products to which the RED does not apply

There are two main reasons why radio equipment may is not in the scope of RED:

1. It is not within the definition.
2. It is explicitly excluded from the RED.

Article 1(3) and Annex I of the RED expressly exclude certain radio equipment from the scope of the Directive. This includes radio equipment for defense, radio equipment that relates to public safety, and radio equipment for ships that come under the International Maritime Organization (IMO) conventions.

These exceptions therefore do not explicitly relate to medical devices.

c) Medical devices as radio equipment

The MDR and IVDR regulations primarily apply to medical devices. The RED applies in parallel to these. Ultimately, this means that the RED applies to medical devices if they include components (such as Wi-Fi or Bluetooth modules) that come under the definition of radio equipment in the RED and for which there are no special regulations in the MDR/IVDR.

This applies to all medical devices that intentionally communicate using radio waves, regardless of whether they communicate directly with one another or via other IT devices.

RED conformity

Affected manufacturers must declare conformity with RED in addition to the MDR/IVDR. If evidence of conformity with the RED can be provided entirely using harmonized standards, the manufacturer can issue a written EU declaration of conformity without involving a notified body. If this is not the case, a notified body must be consulted. Harmonized standards are available for the most common frequency bands used by Wi-Fi, BT, or RFID.

Interestingly, the standards do not relate to a specific technology but instead to frequency bands. Various technologies can then be developed within the frequency bands. ETSI EN 300 328, for example, is a standard for: “Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz band”, which is then critical for technologies such as Wi-Fi, BT, or Zigbee.

Examples of when medical devices are in the scope of RED

• Implants with functions that can be controlled via an app
• Mobile patient monitors that send data using GSM
• Telemedical devices used in domestic environments that send data via the internet using Wi-Fi
• Hearing implants that communicate with one another
• Products with smart wireless charging that exchange data with the charging unit during charging

Examples of when medical devices do not fall under RED

• Products that do not intentionally emit radio waves
• Medical devices that use radio waves for therapeutic or diagnostic purposes, such as magnetic field stimulation or MRI
• Products that only communicate via wires, such as a LAN, RS-232, or CAN bus.

RED, cybersecurity, and medical devices

Delegated Regulation (EU) 2022/30 of 29 October 2021 sets out significant changes in terms of cybersecurity in the RED. According to Article 2(1) of Delegated Regulation 2022/30, medical devices that come under the MDR and IVDR are excluded from these regulations.

Other regulations on cybersecurity apply for medical devices. These can be found in the MDR and IEC 80001-5-1 for example.

2. Specifications of the RED

The fundamental requirements of radio equipment can be found in Article 3 of the RED.

The most important requirements are:

• Article 3(1)(a): The protection of health and safety of persons and of domestic animals
• Article 3(1)(b): An adequate level of electromagnetic compatibility as set out in Directive 2014/30/EU
• Article 3(2): Radio equipment shall be so constructed that it both effectively uses and supports the efficient use of radio spectrum in order to avoid harmful interference.
• Article 3(3): Other construction requirements for certain categories or classes, such as
  • 3(3)(d): Protection of the network
  • 3(3)(e): Safeguards for personal data and privacy
  • 3(3)(f): Protection against fraud

While Annex I of the MDR and IVDR set out specific requirements, the RED remains comparatively superficial. Additional background on the thoughts and considerations behind the requirements can be found in the RED Guide (Guide to the Radio Equipment Directive 2014/53/EU).

a) Article 3(1)(a): Protection of health

Manufacturers must take into account the biological risks (protection of health) linked to non-ionizing radiation in their risk management. This is particularly relevant for implants and medical devices worn on the body.

Annex I Paragraph 16 of the MDR also sets out corresponding requirements to protect against radiation. However, these are not entirely covered by the standard EN 60601-1 or EN 60601-1-2. Corresponding recommendations and standards (see section c) for examples) from the RED environment provide some assistance here.

Reference limits and basic limits

Limits known as reference limits (ICNIRP) and specific absorption rate (SAR) are set out to determine the justifiability of the risks. The reference limits are used for implants, for example. Factors such as power density and current density that lead to a warming of the tissue are relevant. Manufacturers can find recommendations and standards on the website of the International Commission on Non-Ionizing Radiation Protection ICNIRP and in this guidance document (ERC Recommendation). Annex 12 of the ERC recommendation looks at frequency bands and regulatory and informative parameters recommended for active medical implants and their associated peripheral devices.

The International Commission on Non-Ionizing Radiation Protection collects information on the biological effectiveness threshold for high-frequency electromagnetic fields (HF) in the range from 100 kHz to 300 GHz and sets out certain limits.

b) Article 3 (1)(b) and EMC

Article 3(1)(b) sets out requirements for electromagnetic compatibility. Some of these requirements are already covered in the MDR and with the testing according to IEC 60601-1-2 for ME devices.

Additional tests of emitted interference and immunity are carried out on radio equipment. The acceptable criteria are similar to those of IEC 60601-1-2 in terms of essential performance characteristics. The tests are described in basic standard EN 301 489-1 and part 17 EN 301 489-17 for BT and Wi-Fi.

c) Article 3(2): Protection of the radio spectrum

Radio equipment may not excessively interfere with other bands, particularly bands with a licensing requirement such as police radio or military equipment.

There are, however, no specific exclusions in selecting a technology. Limits on technology arise from the intended environment and provisions that apply in that environment (Military Standard (MIL), Radio Technical Commission for Aeronautics (RTCA), European Telecommunications Standards Institute (ETSI)).

There are very significant differences internationally within the bands as the radio frequencies are under the sovereign control of states. The frequency band (2.4 GHz) in which Wi-Fi and Bluetooth fall is one of the few frequency bands that is free of licensing in the majority of the world.

The most important standards for selected frequency bands are:

• EN 300 328 2.4GHz BT, Wi-Fi, Zigbee
• EN 301 893 Wi-Fi, 5G Hz
• EN 300 330 RFID 13.56 MHz

d) Article 3(3) special requirements

Article 3(3) sets out special requirements for “certain categories or classes.” These requirements primarily relate to the topics of compatibility and safety. The classes and categories that are affected can be found in the delegated acts on the RED.

Article 3(3) letters d, e, and f set out requirements related to elements of cybersecurity, which apply to the categories of radio equipment that represent cybersecurity risks. However, according to Article 2(1) of Delegated Regulation (EU) 2022/30, these do not apply to medical devices according to the MDR and IVDR.

The MDR and IVDR, however, have their own specifications on the topic of cybersecurity.

3. Installation of radio modules into medical devices

Manufacturers mostly equip their medical devices with existing radio modules and do not design these from scratch. These modules already conform with the RED and have the corresponding certification. This does not, however, mean that the medical device is automatically RED-compliant.

This is due to the fact that the properties mostly change as a result of the installation. This results in a new radio device that needs to meet the requirements set out in the RED in and of itself.

In particular, when radio modules are installed, they have a different EMC fingerprint. This relates to the topology of the antenna, the control using software, and the quality of the power supply. A test of the device with the module installed is therefore required in the EU.

a) When manufacturers can waive certain tests

Under some circumstances, however, manufacturers can waive some of the tests for the RED if they use a radio module that is already RED-compliant in their medical device. The decision should be made in the risk analysis.

The following can be used as a rule of thumb:

• All elements that are connected “conducted” generally do not change as a result of the installation. They therefore do not necessarily need to be tested again.
• Elements that are “radiated” do generally need to be tested in full again according to the EM Regulation and Article 3(2) RED.
• If several radio devices are installed, this mostly means that the interaction means testing is needed.
• Further testing is often not needed for modules that are installed externally.
• However, modules that are installed deep mostly need to be tested again.

Partial tests are often necessary as a minimum, such as spurious emissions according to the respective radio standard. Access to the test report for the installed module is helpful for the precise estimate.

b) Tips on the installation of radio modules

• Tip 1: Manufacturers should ensure the quality of the radio module used for medical devices in particular. This not only ensures safety and performance but it can also prevent many support problems.
• Tip 2: Medical devices have a longer service life than other radio devices such as smartphones. You should therefore ensure good documentation and a long service time for the radio module used.
• Tip 3: Try to manage with the antennae defined in the installation instructions. The evidence of conformity is not valid if you make any changes to these.
• Tip 4: Before installation, consider what will lead to which new tests. Set out what you really need to test again and what you do not clearly in the risk analysis. You may be able to save yourself time-consuming duplicate tests if you make a good plan in advance.

4. Five steps to RED conformity

You should keep the following points in mind so you can get your medical device with a radio module safely through the conformity assessment procedure:

a) Step 1: Determine a goal

First, think about what exactly you want to transmit using which bandwidth how far and with which additional requirements. Then set a suitable frequency range. These considerations include aspects such as data throughput, range, availability, and safety.

b) Step 2: Check the applicability

First check whether your product even comes under the scope of the RED. You can find the requirements in Article 2 RED (see also 1a) above).

c) Step 3: Determine the requirements

Determine which requirements your product needs to comply with according to Article 3 of the RED in addition to the requirements set out in the MDR. It is best to record these together with the requirements from other regulations relevant to your product, such as the MDR or IVDR.

Bear in mind that medical devices are exempt from the cybersecurity requirements in the RED, but these should still be very important! Cybersecurity is also compulsory specifically for medical devices according to other regulations such as the MDR.

d) Step 4: Focus on the radio module in the risk analysis

Focus on the radio module in particular at an early stage during the risk analysis. This means you can determine which radio module to install and how at an early stage, saving yourself unnecessary tests at a later stage. You should also consider the special characteristics of installation (see 3 above).

e) Step 5: Check for RED conformity

The annexes to the RED provide detailed information on testing for RED conformity. The EN 301 489 and EN 60601-1-2 series of standards are mostly used. Test laboratories will help you determine the tests required.

5. Latest news

a) Amendment to the RED Directive

The EU has published an amendment to the RED Directive (Radio Equipment Directive). The RED also affects medical devices that communicate wirelessly, e.g., via Bluetooth or WLAN.

“Radio equipment” must have a standardized charging port, namely USB-C. The legislators mainly focused on cell phones but medical devices are not exempt.

Manufacturers should, therefore, review whether additional patient protection must be built into the medical device itself in case it cannot be ensured that users always use the mains part supplied.

b) Effects of Directive 2022/2380 (“USB”)

Requirements

The determination that radio equipment must be equipped with the USB type C standard charging connector will apply to specific categories or classes of radio equipment from December 28, 2024. Directive (EU) 2022/2380 requires this in Annex Ia Part I points 1.1 to 1.12). The German draft law for implementing Directive (EU) 2022/2380 is available.

Scope of application

The following categories (radio equipment) are affected, for example

• portable cell phones
• tablets
• headsets
• earphones

For laptops, these regulations will apply from April 28, 2026.

Consequences for the devices

If the patient must use such components for the medical device to fulfill its clinical function, higher safety requirements apply to these components for patient protection. A problem may arise if the patient uses the device (for example, a laptop) while it is connected to the mains part.

Until now, manufacturers have used chargers that meet patient protection requirements and provide their proprietary connector plugs. This is no longer possible. Now, they must review whether the USB-C mains part used meets the requirements of IEC 60601-1 or ensure that use and charging are not possible simultaneously.

6. Conclusion

Increasing networking of medical devices means these are more commonly coming under the Radio Equipment Directive, RED. Manufacturers must therefore familiarize themselves with the requirements. They should focus in particular on the risk analysis. The installation of radio modules that have already been certified can result in new risks and high costs if not all of the aspects are considered in advance. If you have any questions, you can contact your testing laboratory or the Johner Institute.

---

We want to thank eurofins for their valuable input on this article.

---

Change history

• 2024-02-02: New sub chapter 5.b added
• 2023-02-03: Subchapter “Amendment of the RED Directive” added