MultiTech RED-DA Compliance Summary

MultiTech’s gateways, routers, and modems feature wired and wireless interfaces capable of autonomous internet connectivity and fall within the scope of RED-DA. Devices placed on the EU market before August 1, 2025, are exempt, but new units or major updates after this date must comply.

RED-DA compliance is critical for MultiTech to:

• Maintain uninterrupted EU market access
• Protect users from cybersecurity threats like unauthorized access, data breaches, and network disruptions (e.g., DDoS attacks)
• Enhance product trust and competitiveness

By aligning with EN 18031 standards, MultiTech ensures its IoT products meet EU expectations for network resilience, data privacy, and fraud prevention.

• Inventory: Identify all in-scope products, including gateways, modems and routers with both wired and wireless connectivity
• Assets: Map network, security, and privacy assets like network interfaces, authentication mechanisms, and data storage to EN 18031 requirements
• Risk: Perform comprehensive risk assessments for vulnerabilities across network connectivity, data handling and transaction processes

• Network Protection (EN 18031-1): Implement secure communication protocols like TLS encryption, robust certificate-based authentication, and access controls in MultiTech products
• Data Privacy (EN 18031-2): Incorporate encryption for data in transit and at rest, secure storage, and user consent mechanisms into product software
• Fraud Prevention (EN 18031-3): Not applicable - MultiTech products do not support financial transactions

• Self-Assessment: Follow a self-assessment route for most MultiTech products to confirm EN 10831 compliance and prepare technical documentation to support a self-signed Declaration of Conformity (DoC)
• Notified Body Engagement: Engage Notified Bodies for EU-Type Examination Certificates (EU-TEC) to ensure compliance where appropriate

• Secure OTA Updates: Deliver firmware and software updates securely
• Technical Documentation: Maintain detailed specifications, risk assessments, and compliance evidence for EN 18031
• CE Marking: Signal adherence to RED-DA by marking all compliant products with the CE mark

• Security by Design: Integrate certified modules and secure coding practices during the design phase
• Testing and Validation: Perform internal and third-party penetration testing for EN 18031 compliance
• Customer Support: Provide integration guidance to customers for system-level compliance
• Notifications: Provide a form to sign-up for cybersecurity notifications at https://multitech.com/security/

• 24/7 Managed Detection and Response (MDR)
• Continuous vulnerability scanning
• Cybersecurity insurance with enforced 2FA
• Security Awareness Training (SAT) for all employees

• SOC 2 – Customer data protection
• ISO 27001 – Information security roadmap

• Air-gapped networks isolated from enterprise systems
• Dedicated Cybersecurity Incident Response Team (CSIRT)

MultiTech’s CSIRT monitors and aligns with international and regional cybersecurity agencies and standards:

• NIST (US)
• MITRE CVE database
• Cyber Resilience Act (EU)
• PTSI (UK)
• California AB 1906 (US)
• ANATEL ACT 77 (Brazil)

• Perform penetration testing by MultiTech, third parties, and customers
• Post public vulnerability announcements

• Complete severity and impact analysis
• Set action plans

• Publish security advisories at https://multitech.com/security/

• Provide software updates
• Communicate via product change notifications (PCNs) and release notes

Reach out to your MultiTech sales representative or explore our technical resources:

Security Advisories - Review industry news and announcements about device and software security issues

Support Portal - Create an account and submit a support case

MultiTech Website – Visit MultiTech’s website for product news and information

+1 (763) 785-3500 | sales@multitech.com

+(44) 118 959 7774 | sales@multitech.co.uk

© 2025 Multi-Tech Systems, Inc. All rights reserved.

MultiTech and the MultiTech logo are registered trademarks of Multi-Tech Systems, Inc. All other trademarks are the property of their respective owners.