What is RED compliance in relation to IoT devices?

RED compliance ensures that IoT or M2M devices meet safety, radio spectrum, and embedded security requirements set by the EU or UK under the Radio Equipment Directive.

Is RED the same as NIS2?

No. RED regulates device-level security and spectrum use, while NIS2 governs organisational cybersecurity and operational risk management.

Are Teltonika routers NIS2 compliant?

Teltonika routers can support NIS2-aligned deployments, but compliance depends on how they are configured, secured, and managed—not just the hardware itself.

What is the UK equivalent of NIS2?

The UK’s Cyber Security and Resilience Bill (CSRB) is the closest equivalent to NIS2, aligning in scope and introducing similar requirements for critical infrastructure operators and digital service providers.

RED vs NIS2: Securing Teltonika and IoT/M2M Deployments

As the worlds of connectivity and cybersecurity increasingly overlap, those working with M2M and IoT deployments—including installers, network engineers, specifiers, and connectivity resellers—face rising pressure to ensure both the security and compliance of their solutions.

Terms like RED compliant and NIS2 compliant are appearing in product brochures and procurement checklists, especially around devices like Teltonika routers and SIM-based remote access solutions. But what do these actually mean? And what are the UK equivalents for businesses operating nationally or across Europe?

This article offers a comprehensive breakdown of:

What RED and NIS2 each cover
Where Teltonika devices fit in
The UK equivalents of each regulation
Practical guidance for delivering secure, standards-aligned IoT/M2M deployments

What Is RED (Radio Equipment Directive)?

The Radio Equipment Directive (RED) (2014/53/EU) is a European Union directive that governs how wireless and radio-enabled devices are placed on the market.

It ensures products meet essential requirements for:

Health and safety
Electromagnetic compatibility (EMC)
Efficient radio spectrum use

From August 2024, RED includes new cybersecurity provisions under Article 3.3(d), (e), and (f):

Devices must not harm the network or misuse resources
Devices must safeguard personal data and privacy
Devices must include features to prevent fraud

These apply to all radio-connected devices that connect to the Internet—which includes most M2M and IoT routers.

Teltonika and RED Compliance

Teltonika has responded by ensuring their routers (e.g., RUTX50, RUTM30, TRB500) are RED-compliant. This typically means:

HTTPS is enabled by default
Signed firmware and secure boot are in place
Devices include user authentication and encryption options
Manufacturers provide a Declaration of Conformity (DoC) for CE marking

✅ RED compliance means the hardware is built with embedded security in mind and meets regulatory standards for sale in the EU.

What Is NIS2?

While RED focuses on device design, the NIS2 Directive (Network and Information Systems Directive 2) is about organisational cybersecurity and risk management.

NIS2 applies to businesses and public entities operating in:

Essential sectors (e.g., energy, transport, water, healthcare)
Important sectors (e.g., digital infrastructure, telecoms, manufacturing)

Effective from October 2024, NIS2 requires entities to:

Implement risk management policies
Enforce access control, encryption, and secure communications
Report incidents within 24 hours, with a full report within 1 month
Ensure supply chain and third-party risk management
Hold senior leadership personally accountable for cybersecurity failures

NIS2 and IoT Deployments

For users deploying Teltonika routers or similar M2M hardware, NIS2 applies not to the device, but to the way the device is used and secured in the network.

A RED-compliant Teltonika router might still be non-compliant with NIS2 if:

It’s exposed to the internet via a public IP SIM without a firewall
It uses default credentials or weak passwords
It lacks monitoring, VPN tunnelling, or regular firmware updates

⚠️ NIS2 raises the bar for operational security. Simply choosing a secure device is no longer enough.

UK Equivalents: RED and NIS2 Post-Brexit

In the UK, the equivalents are as follows:

✅ RED Equivalent: Radio Equipment Regulations 2017

Post-Brexit, the UK retained RED in the form of the Radio Equipment Regulations 2017.
Devices must carry the UKCA mark or dual CE + UKCA during the transition period.
Applies the same security and radio requirements as EU RED.

✅ NIS2 Equivalent: Cyber Security and Resilience Bill (CSRB)

The UK’s upcoming CSRB is set to replace and extend the NIS Regulations 2018.
While not identical to NIS2, it aligns closely in:
- Sector scope
- Reporting timelines (24h + full report within 72h)
- Emphasis on supply chain and infrastructure security

RED vs NIS2: Key Differences for Connectivity Professionals

Feature	RED	NIS2
Applies to	Device manufacturers	Businesses and public bodies
Focus	Hardware safety, security, and spectrum use	Organisational cybersecurity and resilience
Enforced by	CE/UKCA mark, market surveillance	National cyber authorities
Covers IoT SIM usage?	❌	✅
Covers VPN/firewall practices?	❌	✅
Covers firmware update policies?	✅ (basic)	✅ (ongoing risk management)

What This Means for Teltonika + SIM-Based Deployments

If you’re supplying or installing Teltonika routers with SIM cards, here’s what RED and NIS2 mean in practice:

RED ensures the hardware is secure out of the box.
NIS2 requires the deployment to be secure in real-world use.

A Teltonika router can be RED compliant but fail NIS2 expectations if:

It’s exposed using a fixed public IP with no firewall
It doesn’t use VPN encryption for remote access
Logging is disabled or incomplete
Default credentials are left unchanged
Updates aren’t tracked or applied

NIS2 (and CSRB) demand that installers and service providers take proactive responsibility for the entire lifecycle of the router’s deployment—not just its initial setup.

Best Practices for NIS2-Aligned Installations

To ensure RED compliance is matched by operational security, follow these steps:

🔒 Secure Device Configuration

Change default usernames and passwords
Enable 2FA where supported
Enforce HTTPS for web access

🌐 Network-Level Security

Avoid exposing devices via public IP addresses
Use private APNs and VPN-based access (e.g., OpenVPN, WireGuard)
Block unused ports and services

🛡️ Remote Monitoring & Updates

Enable RMS or third-party monitoring
Keep firmware up to date and log update history
Enable alerting for suspicious activity

🧾 Compliance Documentation

Maintain audit logs of device setup and changes
Keep supply chain records (DoC, firmware hashes, vendor contact)
Prepare incident response plans

Summary: How to Talk About Compliance

It’s incorrect to say that a router is “NIS2 compliant.” Instead, use terms like:

“RED-compliant hardware, suitable for NIS2-aligned deployments”
“Designed for secure use in regulated M2M/IoT environments”
“Supports secure VPN access and encryption in line with EU/UK cybersecurity directives”

This reflects the truth: compliance is a shared responsibility between manufacturer, installer, and operator.

Final Thoughts

With NIS2 enforcement around the corner in the EU and the CSRB fast approaching in the UK, M2M and IoT professionals must stay ahead of the curve.

RED compliance is essential—but it only guarantees device-level security.
NIS2/CSRB readiness is about how those devices are configured, connected, and maintained.

Teltonika provides the tools to build secure deployments—but it’s up to integrators, resellers, and specifiers to design, document, and maintain them to the standards now required by law.

Stay informed. Stay secure. And build connectivity solutions that meet the standards of tomorrow.

Understanding RED vs NIS2 for Teltonika and IoT/M2M Deployments: A Practical Guide for Connectivity Professionals