New Requirements on Reader Receiver Testing |
AIM Europe is engaged in various standardization projects within CEN and ETSI. CEN is the European Committee for Standardization, is an association that brings together the National Standardization Bodies of 34 European countries. ETSI is a European Standards Organization (ESO) for telecommunications, broadcasting and other electronic communications networks and services, We are looking for support in this important work. Want to get involved? Contact Frithjof Walk, President, AIM Europe.

ETSI, published EN 302 208 V3.3.1 “Radio Frequency Identification Equipment operating in the band 865 MHz to 868 MHz with power levels up to 2 W and in the band 915 MHz to 921 MHz with power levels up to 4 W; Harmonised Standard for access to radio spectrum,” which has been consequently endorsed by the European Commission with the publication in the Official Journal of the European Union L258 Volume 64 on 20 July 2021. Based on the new set focus on more efficient spectrum use by the European Commission, new requirements on receiver testing have been introduced in EN 302 208 V3.3.1. This applies to any RAIN RFID equipment and, this is the test on reader receiver sensitivity with limits depending on reader category for transmit power <= 13 dBm erp, 13 – 30 dBm erp, and >30 dBm erp, as described in EN 302 208 Table 2a.
​
The out-of-band tag spectrum mask limits for the lower band from 865 – 868 MHz has been finally relaxed. Unfortunately, this change is not represented in the spectrum mask in V3.3.1 due to a process error during publication. However, it will be included in V3.4.1, which passed the first ballot in ETSI in February 2022. Details and the benefit for RFID tags comparing V3.3.1 and V.3.4.1 are shown in the figure below. V3.3.1. still contains the ambiguity of defining the spurious emissions limits of -36 dBm erp for devices in the operating state according to Table 2, while displaying in Figure 8 the spectrum limit of -54 dBm erp and -47 dBm erp at frequencies below 862 MHz and 863 MHz, respectively.

​

For the benefit of the RAIN RFID industry, the test methods described in ISO/IEC 18046-2 “Interrogator performance test methods”, which is the associate of ISO/IEC 18046-3 “Tag performance test methods” have been used for the new tests in ETSI EN 302 208 to benefit from the re-use of test solutions and test results as far as possible.

Cybersecurity Extension of RED
AIM Europe’s monitoring of the cybersecurity extension to the Radio Equipment Directive (RED), as outlined in EU Commission Delegated Regulation 2022/30, reflects the growing importance of cybersecurity in radio equipment design, particularly for internet-connected, personal data-processing, and payment-capable devices. This initiative mandates, from August 2025, that such equipment comply with new essential requirements under RED Article 3(3)(d), (e), and (f), effectively making cybersecurity a condition for CE conformity. The accompanying standards, EN 18031-1 to EN 18031-3, specify mandatory security measures such as password protection, with the possibility of self-declaration for non-sensitive devices. However, more complex cases—such as those involving payment capabilities or children’s toys—may require oversight from notified bodies, as current standard methodologies (e.g., for secure updates) are not yet fully endorsed for these high-risk categories. AIM Europe’s role in tracking and interpreting these evolving regulatory frameworks is essential for ensuring manufacturers understand both the obligations and exceptions, especially as additional clarifications from the EU are still forthcoming.

Cyber Resilience Act
The publication of EU Regulation 2024/2847 in November 2024 marked a pivotal moment in the evolution of cybersecurity compliance within the EU, formally initiating the countdown to sweeping obligations under the Cyber Resilience Act (CRA). Manufacturers must begin reporting actively exploited vulnerabilities and incidents to national authorities and ENISA by 11 September 2026, with full CRA compliance becoming mandatory by 11 December 2027. This regulation applies to all products with digital elements—hardware and software alike—and introduces legally binding requirements for security-by-design, vulnerability management, and product lifecycle updates. Non-compliance could lead to multimillion-euro fines, making this a high-stakes directive for industry players. The regulation explicitly prohibits placing products with known vulnerabilities on the market and places enduring responsibility on manufacturers to maintain cybersecurity throughout a product’s lifespan. Standardization efforts, led by CEN/CENELEC in coordination with ETSI, are crucial to the implementation of horizontal and vertical standards, with AIM Europe actively contributing to these processes. As with previous regulatory efforts, the timeline is tight, and the complexity of aligning technical standards with legal requirements presents a formidable challenge.