|
| 1 | +--- |
| 2 | +title: "RED DA Compliance (Part 2): Espressif’s Platform Support, Templates, and Pathways for Conformity" |
| 3 | +date: 2025-07-09 |
| 4 | +showAuthor: false |
| 5 | +authors: |
| 6 | + - anant-raj-gupta |
| 7 | + - sachin-billore |
| 8 | +tags: |
| 9 | + - Security |
| 10 | + - IoT |
| 11 | + - ESP-IDF |
| 12 | + - ESP32 |
| 13 | +summary: Espressif is streamlining RED Delegated Act (RED-DA) compliance by providing pre-certified firmware platforms, documentation templates, and partner support to help developers meet the upcoming EN 18031 standard. With flexible pathways including self-declaration and third-party assessments, developers can accelerate EU market readiness for Aug 2025 and beyond. |
| 14 | +--- |
| 15 | + |
| 16 | +## Introduction |
| 17 | + |
| 18 | +In [Part 1 of this series](https://developer.espressif.com/blog/2025/04/esp32-red-da-en18031-compliance-guide/), we introduced the upcoming requirements of the **RED Delegated Act (DA)** and the associated harmonized standard **EN 18031**, which comes into effect in **August 2025**. These new obligations place a strong emphasis on **cybersecurity, privacy, and protection against network abuse** for all radio-connected products entering the European market. |
| 19 | + |
| 20 | +With the compliance deadline drawing closer, Espressif is taking proactive steps to simplify and accelerate the path to RED DA compliance for developers building with our chipsets and modules. |
| 21 | + |
| 22 | +--- |
| 23 | + |
| 24 | +## Documentation Templates – Foundation for Compliance |
| 25 | + |
| 26 | +To further assist customers, we have prepared technical document templates for the ESP32 series of SoCs. These templates are intended to assist manufacturers in preparing RED-DA self-assessment compliance documentation for products based on the ESP32 series of SoCs. |
| 27 | + |
| 28 | +These templates are being developed in close collaboration with **[Brightsight](https://www.brightsight.com/)** to ensure they meet the expectations of **Notified Bodies**, **Market Surveillance Authorities**, and **Approved Testing Labs (ATLs)**. |
| 29 | + |
| 30 | +### What’s Included in the Templates? |
| 31 | + |
| 32 | +**Base conformance documentation templates** include: |
| 33 | + |
| 34 | +- **Product Risk Assessment :** This document outlines the identified security risks related to Article 3.3(d) of the RED Delegated Act, specifically concerning network harm. |
| 35 | +- **Applicable EN 18031 Standards :** This document details how the product meets the security requirements defined in the harmonized standard EN 18031-1. |
| 36 | +- **Declaration of Conformity :** This is a template that manufacturers can use to declare their product compliance with the RED Delegated Act through the self-assessment route. |
| 37 | +- **Technical Specifications :** Details about the product design and features. This is a product-specific document. |
| 38 | + |
| 39 | +These templates are intended to be used as a **starting point**, allowing product makers to significantly reduce time and effort in preparing RED DA compliance documentation. |
| 40 | + |
| 41 | +--- |
| 42 | + |
| 43 | +## Compliance Pathways: Choose the Approach That Fits Your Product |
| 44 | + |
| 45 | +With Espressif’s platform support and draft templates, you now have **three practical paths** to achieve RED DA compliance, depending on your product complexity, internal expertise, and certification strategy. |
| 46 | + |
| 47 | +### **1. Self-Declaration Using Espressif Templates** |
| 48 | + |
| 49 | +For customers using Espressif firmware stacks with minimal customization: |
| 50 | + |
| 51 | +* You can adapt the provided documentation templates for your specific product. |
| 52 | +* Complete a **self-assessment** and issue a **Declaration of Conformity (DoC)**. |
| 53 | +* Suitable for devices not under the restricted list and companies confident in handling regulatory documentation. |
| 54 | + |
| 55 | +### **2. Consultancy-Assisted Self-Declaration** |
| 56 | + |
| 57 | +If additional guidance is needed: |
| 58 | + |
| 59 | +* Work with a **security consultancy** to update the templates, fill any gaps, and validate your conformity documentation. |
| 60 | +* You remain responsible for issuing the final DoC, but with confidence that expert support has verified your assumptions. |
| 61 | + |
| 62 | +### **3. Full Conformity Assessment via ATL or Notified Body** |
| 63 | + |
| 64 | +For products with: |
| 65 | + |
| 66 | +* Products which will fall under the restricted list as defined in the standard |
| 67 | +* Custom security models |
| 68 | +* Mandatory for a certain device types |
| 69 | +* Demanding Market segments |
| 70 | + |
| 71 | +Engaging an **Approved Testing Laboratory (ATL)** or **Notified Body** allows a formal third-party evaluation to issue an **attestation of conformity**, which can carry more weight during audits or market checks. |
| 72 | + |
| 73 | +--- |
| 74 | + |
| 75 | +## Recommended Partners for Compliance |
| 76 | + |
| 77 | +While Espressif will try to facilitate maximum support for our customers to achieve the RED DA conformance, we understand that some customers may need further professional assistance. In order to facilitate this, Espressif will continue to work with other companies to provide a streamlined solution. At present, Espressif has established following partnerships that customers can take advantage of. |
| 78 | + |
| 79 | +### 🔸 [**Brightsight**](https://www.brightsight.com/) |
| 80 | +{{< figure default=true src="img/brightsight-logo.webp" >}} |
| 81 | +* Services: End-to-end RED DA conformity assessment (ATL), documentation advisory, vulnerability analysis |
| 82 | +* Role: Espressif’s direct partner for preparing reference documentation and platform-level conformance |
| 83 | + |
| 84 | +### 🔸 [**CyberWhiz**](https://www.cyberwhiz.co.uk/) |
| 85 | +{{< figure default=true src="img/cyberwhiz-logo.webp" >}} |
| 86 | +* Services: RED DA consultancy and documentation preparation |
| 87 | +* Role: Independent consultancy specialized in embedded systems and EU compliance |
| 88 | + |
| 89 | +> If you need introductions or referrals to either of these partners, contact us via **[[email protected]](mailto:[email protected])**. |
| 90 | +
|
| 91 | +--- |
| 92 | + |
| 93 | +## Espressif's Compliance Coverage: What We Will Support |
| 94 | + |
| 95 | +Espressif will complete the full RED DA conformance and provide the related reports and documentation for firmware platforms where Espressif is the primary maintainer and software publisher. These include: |
| 96 | + |
| 97 | +### ✅ **[ESP-AT](https://docs.espressif.com/projects/esp-at/en/release-v2.2.0.0_esp8266/index.html)** |
| 98 | + |
| 99 | +Our AT command firmware for Wi-Fi and Bluetooth connectivity modules, widely used in embedded products along with a Host MCU. |
| 100 | + |
| 101 | +### ✅ **[ESP-ZeroCode](https://zerocode.espressif.com/)** |
| 102 | + |
| 103 | +An out-of-the-box complete solution with predefined features for fast time-to-market, currently supporting varied Matter devices applications. |
| 104 | + |
| 105 | +### ✅ **[Espressif's AWS IoT ExpressLink](https://www.espressif.com/en/solutions/device-connectivity/esp-aws-iot-expresslink)** |
| 106 | + |
| 107 | +The pre-provisioned, pre-programmed connectivity modules with AWS qualified firmware for AWS IoT core integration, for secure and reliable device onboarding. |
| 108 | + |
| 109 | +For these platforms, Espressif is undergoing formal conformance activities based on the **EN 18031** template supplied by **Brightsight**, a globally recognized security laboratory and Notified Body via SGS Fimko. This conformance is focused on ensuring compliance with the EN 18031 standard. |
| 110 | + |
| 111 | +> **Key Benefit:** When you build your product on top of these firmware platforms which does not include changes to the network stack, you inherit a significant portion of Espressif’s RED DA conformance. The final product compliance is still dependent on the complete application. |
| 112 | +
|
| 113 | +--- |
| 114 | + |
| 115 | +## What to Expect Next |
| 116 | + |
| 117 | +Espressif is currently finalizing draft templates and internal reviews for each supported firmware platform as listed above and ESP32 series SoCs. Over the coming weeks: |
| 118 | + |
| 119 | +* We will provide **documentation packages ** for each firmware platform and ESP32 series SoCs via [***[email protected]***](mailto:[email protected]). We are also evaluating other channels for publication. |
| 120 | +* Platform-specific **guiding document** will accompany the templates to assist in completion. |
| 121 | +* We will host a **webinar** with Brightsight to walk through the documentation and answer developer questions. |
| 122 | + |
| 123 | +We encourage all customers targeting the EU market to start evaluating their RED DA readiness now, especially if product releases are planned for late 2025 or beyond. |
| 124 | + |
| 125 | +--- |
| 126 | + |
| 127 | +## Stay Informed |
| 128 | + |
| 129 | +Espressif remains committed to providing **transparent, practical, and secure** solutions to meet evolving regulatory and market needs. If you have questions about RED DA, documentation needs, or how to engage with our compliance partners, please reach out to us. |
| 130 | + |
| 131 | +- 🌐 [Espressif Developer Portal](https://developer.espressif.com) |
| 132 | +- 📚 [RED DA Part 1 Blog](https://developer.espressif.com/blog/2025/04/esp32-red-da-en18031-compliance-guide/) |
0 commit comments