If you are a renewable asset owner or an energy trader, meeting information security requirements is a licence to operate. Many energy companies are rightly pursuing or maintaining ISO 27001 certification to manage meet these requirements and manage their risk.

But an ISO 27001 certification covers more than just internal processes; it also requires you to manage information security risks across your entire supply chain and infrastructure.

This is where a new, mandatory EU regulation comes in. Meet the Radio Equipment Directive (RED) Article 3.3.

Since the 1st of August, 2025, any internet-connected radio equipment sold or installed in the EU must comply with these new cybersecurity rules. This means that if you work with local Energy Management Systems (EMS) or equipment that connects to the internet – directly or through a gateway – this rule applies to you.

What RED 3.3 demands from your control gateway

The RED 3.3 update introduces three main cybersecurity requirements. For energy assets controlled by a gateway like the Teleport, the most important is Article 3.3d (Network protection). This article mandates that a device must not harm the network or misuse its resources.

The other two articles, 3.3e (Data/privacy) and 3.3f (Fraud prevention), are not applicable to the Teleport Gateway, as it is a machine-to-machine device that does not process personal data or handle financial transactions.

The consequences for using non-compliant hardware after the August 2025 deadline are serious. Devices without compliance cannot receive a CE mark, making it illegal to sell or install them in the EU. This can lead to project delays, forced product recalls, and significant financial penalties.

How the Teleport Gateway provides compliance

The Teleport Gateway has successfully completed its self-assessment and is compliant with the applicable requirements of RED Article 3.3d. Here is how it addresses the network protection requirement:

• Secure by design: The Teleport only uses encrypted, outbound connections. This means there are no open inbound ports, which significantly reduces the attack surface and prevents unauthorized access from the internet.
• Maintained and updated: We provide secure, automatic software updates to patch vulnerabilities quickly and safely. We continuously monitor for new threats and review our compliance with every major software or hardware update.
• Robust access controls: While not related to a specific RED article, our system ensures that only authorized users or partners can issue commands. This protects your assets from manipulation and supports a secure operational environment.

What this means for your projects

By choosing the Teleport Gateway, you are using an asset controller that is future-proof and aligned with the highest European security standards. This allows you to:

• De-risk your projects: Deploy assets that meet EU cybersecurity standards without fear of regulatory delays, fines, or future recalls.
• Support your cybersecurity certifications: You are probably ISO 27001 and ISO 9001 certified (or are working towards it), and preparing for NIS2. Using a RED 3.3-compliant gateway provides clear evidence of a secure, compliant supply chain.
• Prove commitment to secure and future-ready operations: By selecting a supplier that meets upcoming legal requirements early, you show your stakeholders that you take security and compliance seriously (and don’t cut corners!).

Our partner Novar puts it this way:

“We are responsible for the long-term security of our assets. Using the Teleport, which is RED 3.3 compliant, helps us de-risk projects from day one. It’s a key component in our technical package that supports our ISO 27001 efforts, and gives us and our stakeholders confidence in our long-term operations.”
Eric Trijels – Novar