Northern Ireland has tightened the rules for connected devices. The Radio Equipment (Amendment) (Northern Ireland) Regulations 2025 were signed on 25 November and take effect on 16 December 2025. They update the Radio Equipment Regulations 2017 to implement Commission Delegated Regulation (EU) 2022/30 under the Windsor Framework.

In practical terms, the law adds fresh essential requirements for internet‑connected radio equipment. Products must be designed so they do not harm networks or degrade service, payment‑enabled devices must support features that protect users from fraud, and a wide set of devices must include safeguards for personal data and privacy.

The privacy duty captures not only phones and routers but also childcare equipment, toys within scope of the 2009 Toy Safety Directive, and anything worn on or attached to the body or clothing-smartwatches, fitness bands, medical alerts, smart rings and similar. It applies wherever the product can process personal, traffic or location data.

The anti‑fraud requirement is triggered when a device enables the transfer of money, monetary value or virtual currency. For a wearable ring that supports tap‑to‑pay or a connected point‑of‑sale accessory, this means building in features that ensure transaction integrity and reduce the risk of account takeover or cloning.

The network protection duty is aimed at stopping insecure devices from disrupting service or misusing resources. Think of a cheap connected camera that joins a botnet and floods a network: from 16 December, equipment placed on the Northern Ireland market must be built so it does not cause that kind of degradation.

Regulation 6A is where these changes sit. It works alongside existing safety and electromagnetic compatibility rules and the recently signposted common‑charger category, and it plugs straight into the established conformity assessment processes in regulation 41. For businesses, the compliance playbook stays familiar-just with more requirements to evidence.

Scope has limits. Where other legislation listed in Article 2 of Delegated Regulation 2022/30 already covers the risks, the new privacy and anti‑fraud duties do not apply. Manufacturers should record any reliance on these exclusions in the technical file with a clear legal reference.

Conformity assessment follows the 2017 framework. If a product fully applies relevant standards for the new requirements, internal production control may be enough; if not, a third‑party route is likely. The CE‑based regime continues to operate in Northern Ireland under the Windsor Framework, so existing market access practices remain in play.

Manufacturers, importers and distributors selling into Northern Ireland should now update technical files and Declarations of Conformity to reference regulation 6A, refresh threat models to cover network misuse and fraud, and document privacy by design for any device that processes personal or location data.

Case study: a Belfast payments start‑up launching a smart ring in Q1 2026. Because the ring can transfer monetary value, it must include anti‑fraud controls. The team will need to document secure authentication, protect credentials at rest and in transit, and demonstrate effective measures during conformity assessment before shipping to retailers in Northern Ireland.

Case study: a UK importer of children’s GPS watches. These are worn on the body and process location and personal data. From 16 December 2025, the importer must verify the manufacturer has built in privacy safeguards-sensible defaults, data minimisation and secure communications-and that the documentation clearly maps to regulation 6A. Without it, stock cannot be placed on the NI market.

Supply chains will feel the change. GB‑based brands selling into Northern Ireland may run dual compliance calendars this winter, adjusting firmware and documentation for NI‑bound units first. Component buyers should confirm with silicon vendors which security features support the new duties, and customer services should be ready to explain any user‑visible changes such as new privacy prompts.

Governance notes matter for planning. The instrument is signed by the Minister for Employment Rights and Consumer Protection, Kate Dearden, and an Explanatory Memorandum is available on legislation.gov.uk. No separate impact assessment accompanies the SI because it flows from the European Union (Withdrawal) Act 2018.