Ensuring Secure, Compliant Chip Design Ahead of August 2025.
In today’s connected world, cybersecurity is not just a software concern. Attacks increasingly target hardware—exploiting vulnerabilities at the chip level to compromise devices across critical sectors. From connected medical systems to industrial sensors, the integrity of embedded hardware has become essential to securing the overall product. Regulatory frameworks are catching up fast—starting with the EU's new Radio Equipment Directive (RED) cybersecurity requirements.
The Radio Equipment Directive (RED) sets a regulatory framework for radio equipment to be placed on the EU market (CE marking). Its scope includes internet-connected devices, including mobile phones, tablets, IoT devices, wearables, and connected industrial devices and establishes formal, mandatory security requirements.
As of Delegated Regulation 2022/30, three new cybersecurity requirements will become mandatory under the RED as of 1 August 2025:
Network Security (Art 3.3(d)): No harm to the network or misuse of its resources.
Personal Data Protection (Art 3.3(e)): Safeguards to protect user privacy and personal data.
Fraud Prevention (Art 3.3(f)): Measures to prevent fraud.
RED applies to most internet-connected products sold in the EU—and places new expectations on hardware designers to build security into their devices and make sure they can resist cyber threats.
While broad in scope, RED cybersecurity requirements do not apply to a couple of devices.
Medical devices and in-vitro diagnostic medical devices are exempt from these requirements because their cybersecurity is already covered by other EU legislation, such as the Medical Devices Regulation (MDR) and In Vitro Diagnostic Medical Devices Regulation (IVDR).
Electronic road toll systems are excluded from the full scope of the new cybersecurity requirements, as they are already covered by their own regulations (EU Directive 2019/520). Despite the exemptions, road tolling systems must still ensure that their equipment does not harm networks or misuse network resources (Art 3.3(d)).
Radio equipment for civil aviation and motor vehicles are also exempt from certain RED cybersecurity requirements. Radio devices that are not connected to the internet, such as some DAB radios and radar units, are exempt.
These exemptions are limited, however, and any product with network access is likely affected.
Although the RED cybersecurity requirements are aimed at product manufacturers, they have significant implications for chip developers and the semiconductor ecosystem—because where there is connectivity, there is a chip.
To meet these new cybersecurity obligations, semiconductor developers must support:
Secure chip architectures with hardware-based security features (e.g. cryptographic engines, secure boot, trusted execution environments)
Secure storage and data communication mechanisms
Firmware integrity with anti-tampering and robust update mechanisms
These requirements reinforce the importance of integrating cybersecurity at the silicon level, as vulnerabilities in SoCs can compromise the entire system. Developers that embed security at the architectural level now will also be well-positioned for the upcoming EU Cyber Resilience Act (CRA) and other global cybersecurity frameworks.
At Presto Engineering, we support OEMs and system providers looking to embed cybersecurity directly into their silicon designs—whether for secure IoT devices, connected industrial systems, or compliance-sensitive applications.
We design, validate, and deliver custom ASICs and SoCs that meet demanding reliability, performance, and compliance requirements and we do so with strict adherence to data security best practices, as demonstrated by our ISO:27001 certification, as well as CC EAL6+ manufacturing practice and footprint for information security management down to the device personalization.
Our ability to integrate third-party IP, such as secure firmware blocks or cryptographic cores, ensures that cybersecurity features are embedded from the design phase—not added as an afterthought.
To help customers future-proof their products, we collaborate with:
Menta, whose embedded FPGA (eFPGA) IP enables crypto agility with post-silicon reconfigurability and hardware adaptability—valuable for in-field updates and longer lifecycle compliance.
Telsy, a cybersecurity specialist providing deep expertise in cryptography and secure communications, including post-quantum cryptography (PQC) integration. Presto has developed an ASIC integrating Telsy’s advanced cryptographic IP for their Secure Microchip solution.
This advanced programmable cryptographic microcontroller delivers robust logical and physical security for a wide range of applications—including IoT, industrial automation, smart cities, critical infrastructure, and defense.
Together with our partners, we help customers move from specification to tape-out and through volume production, with full control over test, security validation, and supply chain traceability.
With RED cybersecurity requirements arriving in August 2025 and broader regulations like the CRA on the horizon, chip-level security is no longer optional. It’s a foundation for legal compliance, product safety, and market readiness.
At Presto, we’re already supporting customers on this path. Whether it’s through embedded cybersecurity IP, flexible logic for secure system updates, end-to-end ASIC lifecycle support, or we’re helping turn complex compliance into manufacturable silicon—secure by design.
➡️ Learn more about our custom ASIC design services or contact us to discuss how to prepare your next device for RED compliance.