CNLABS Validates Sophos Product Lines for EU RED Compliance

Cybersecurity Testing for EU RED Compliance and CRA Readiness

Mar. 12, 2026 at 5:38pm

Got story updates? Submit your updates here. ›

CNLABS, an independent testing and certification laboratory, has successfully completed cybersecurity conformity testing and delivered a Technical Evidence Dossier for multiple Sophos product lines, including XGS Firewalls, AP6 wireless access points, and SD-RED secure edge devices. This validation supports compliance with the European Union Radio Equipment Directive (EU RED) Article 3.3 requirements.

Why it matters

The EU RED Article 3.3 represents a significant shift in how cybersecurity is regulated for connected products placed on the EU market. Manufacturers must not only meet technical requirements but also demonstrate compliance in a way that withstands regulatory and market surveillance scrutiny.

The details

The assessment covered applicable EN 18031 requirements across network protection, protection of personal data and privacy, and safeguards against fraud and misuse. Associated technical documentation and conformity evidence were also reviewed and validated to support CE marking maintenance and regulatory acceptance.

  • The testing and validation were completed on March 12, 2026.

The players

CNLABS

A globally recognized, independent ISO/IEC 17025-accredited test and certification laboratory.

Sophos

A cybersecurity company whose product lines, including XGS Firewalls, AP6 wireless access points, and SD-RED secure edge devices, were validated for EU RED compliance.

Martin Becker

The Principal Product Manager for Certifications at Sophos.

Krishna Kumar Lahoti

The Director of CNLABS.

Got photos? Submit your photos here. ›

What they’re saying

“Over the past few years, Sophos has consistently engaged with CNLABS across a wide range of regulatory compliance and certification programs, including IPv6 Ready Logo, India's TEC MTCTE framework, Malaysia's SIRIM approval, and now the EU RED cybersecurity requirements. CNLABS' ability to interpret complex regulatory requirements and provide clarity across both technical testing and compliance expectations has been invaluable in navigating these programs. This expertise further reinforces CNLABS' role as a trusted test partner, especially as upcoming EU cybersecurity regulations expand beyond product–level compliance to include broader lifecycle obligations.”

— Martin Becker, Principal Product Manager for Certifications at Sophos

“EU RED Article 3.3 represents a significant shift in how cybersecurity is regulated for connected products placed on the EU market. For manufacturers, the challenge is not only meeting technical requirements but demonstrating compliance in a manner that withstands regulatory and market surveillance scrutiny. CNLABS integrates deep cybersecurity testing expertise with strong regulatory experience to address these challenges and support manufacturers with EU RED compliance and CRA readiness.”

— Krishna Kumar Lahoti, Director, CNLABS

What’s next

Building on RED Article 3.3, the EU Cyber Resilience Act (CRA) extends cybersecurity obligations beyond individual products to cover lifecycle security requirements. Through its EU Readiness Program, CNLABS supports manufacturers across EU RED and CRA requirements, including cybersecurity testing, conformity evidence validation, and compliance readiness.

The takeaway

CNLABS' successful validation of Sophos' product lines for EU RED compliance demonstrates the laboratory's expertise in interpreting complex regulatory requirements and providing clarity on both technical testing and compliance expectations. This reinforces CNLABS' role as a trusted partner for manufacturers navigating the evolving cybersecurity regulations in the EU market.