Suprema is the first company in the access control industry to receive CE RED cybersecurity certification

The increasing connectivity of access control systems not only brings greater convenience and flexibility, but also raises the bar for protecting sensitive data and defending against cyber attacks. With the revised European Radio Equipment Directive (RED), which will come into force on 1 August 2025, cybersecurity will be integrated into the certification process for IoT and radio equipment for the first time.

One company has already taken this step ahead of schedule: Suprema, a provider of AI-powered security solutions, is the first company in the access control industry to receive CE RED certification in accordance with the new cybersecurity requirements.

Background: Stricter rules for radio and IoT devices

Delegated Regulation (EU) 2022/30 extends the RED to include requirements relating to network protection, personal data security and fraud prevention. This means that in future, access control devices with wireless interfaces such as Bluetooth, NFC or Wi-Fi will also be subject to these requirements – an area in which previous standards were insufficient to meet the growing threats.

For manufacturers, this means that from 2025 onwards, certification will not only cover radio performance and hardware security, but also IT security mechanisms such as encryption, protection against unauthorised access and secure software updates.

The certified devices: BioStation 3 and BioEntry W3

Suprema received certification for the BioStation 3 and BioEntry W3 models. Both systems rely on edge computing: AI algorithms for facial recognition run directly on the device, allowing sensitive biometric data to be processed locally. In addition to facial recognition, the terminals also support mobile credentials (Bluetooth/NFC) and RFID cards.

This combination of different authentication methods means that the devices not only meet the new regulatory requirements, but also address the growing demand for flexible yet secure access solutions.

Signal effect for the industry

Suprema is playing a pioneering role with its early certification. While other manufacturers are still busy adapting their systems, the company is already positioning itself as regulatory future-proof.

For operators of security infrastructures, this means:

• Investment security, as certified devices already comply with upcoming requirements.
• Reduced risk through proven cyber and data protection mechanisms.
• Strengthened compliance, especially in industries with high security requirements such as finance, healthcare or critical infrastructures.

Suprema’s early CE RED certification marks an important step in the development of the access control industry. It makes it clear that cybersecurity is no longer optional, but an integral part of modern access solutions.

With the deadline in August 2025 in mind, the move is also likely to accelerate competition: manufacturers who have not yet adapted their systems to the new requirements are under pressure to act. For users, on the other hand, the certification is a clear indication of which providers are investing in robust security mechanisms at an early stage – and thus building long-term trust.