PIN only for devices brought to market after 1.Aug.2025

Ben · November 27, 2025, 8:05am

Dear Mr. X

My name is Ludger Meinders. Among other things, I am the contact person at our organisation for questions relating to the Radio Equipment Directive (2014/53/EU; RED for short) and its national implementation (FuAG).

The hi-fi audio equipment with Wi-Fi functionality you mentioned falls within the scope of the RED. If this radio equipment was placed on the market after August 1, 2025, the cybersecurity requirements (found in Delegated Regulation (EU) 2022/30) must also be complied with. Among other things, this also regulates requirements regarding passwords. This is intended to minimize the possibility of cyberattacks.

I hope this brief explanation has been helpful.

Best regards,

Ludger Meinders

German Market Surveillance Forum (DMÜF) Office;

International Market Surveillance Issues

Federal Network Agency for Electricity, Gas,

Telecommunications, Post, and Railways

Blinke 6, 26789 Leer

Phone: 0491 9298-164

Email: Ludger.Meinders@bnetza.de

Website: www.bundesnetzagentur.de

leefowan · November 27, 2025, 9:31am

My rs-250 bought on 2023, still need the damn code

Bitspeed · November 27, 2025, 11:09am

Smegel · November 28, 2025, 2:02pm

Its a firmware update so yeah… regardless when you bought the unit… it gets the update.

Eleven · November 28, 2025, 5:43pm

Sept 20, 2025:
The SQA team asked the Software Team whether it is possible to hide the PIN code input window for users outside of Europe.
Oct 23, 2025:
The Software Team reviewed several potential methods—such as determining the user’s country based on MAC address or detecting the region through the active IP address—but was unable to find a reliable solution.

Smegel · December 2, 2025, 6:26pm

Yup.
The issue is that you can get the mac address, but you need the IP address then you need to match it against all of the IP address blocks that are within the EU.

It can be done… however its not reliable because you can use a VPN that would make it appear that you are accessing the network from a different country.

The most reliable way to do this is to allow you to opt-out of the pin.
Meaning that its there and on for everyone… and then if you don’t want to use it… you can turn it off. This complies w the EU directive because its the feature is there and defaulted to on… and then its up to the user to turn if off if they don’t want it.

They could have gone with any passcode string but they made it an 8 digit number which defeats the length because you are going to choose a date (8 digits ) and one that you can easily remember.
(Making the attack much easier.)

ROSEHAN · December 3, 2025, 11:17pm

Dear HiFi Rose users

First of all, regardless of when the Rose product was purchased, the PIN code requirement is applied through a firmware update. Therefore, the PIN code must be entered no matter when the device was bought.

We will once again confirm with the certification authority whether the PIN code feature must be strictly enforced, and we are considering a solution that would allow users to turn the PIN code function on or off if they wish.
However, there is a possibility that the certification authority may also reject this approach.

Thank you

Sumi · December 4, 2025, 1:44am

Glad to hear that this idiotic feature will probably get removed.

ROSEHAN · December 4, 2025, 2:31am

@Sumi

I never said that the feature would be removed.
I only mentioned that we will check with the certification agency.

Eleven · December 4, 2025, 2:34am

I will go out on a limb and predict that your “entreaty” will be rejected by the authorities.

Tony22 · December 4, 2025, 3:22am

What is any other maker selling gear in the EU doing?

ROSEHAN · December 4, 2025, 11:25pm

@Tony22

There are other audio manufacturers using Wi-Fi that do support a similar feature, some that use a different type of authentication, and others that do not use a PIN code at all.
Because of this, we are currently looking into the situation in more detail.

Ben · December 5, 2025, 10:19am

Security is always uncomfortable. Even the key to your house is security. The more secure the more discomfort it generates.

After all it is entirely possible that an attack gets through your WIFI router into home devices behind this router. Today there are a lot of devices like audio players, disk drives, radios, TV’s, computers, Notebooks, mobile phones, fridges… they all have som intelect buiult in whcih can be used for unwanted reasons…

So this RED directive makes sense but the PIN should be possible to deactivate. Which would leave the OS of the ROSE audio palyers wide open for attacks.

Now the question is how to balance security and comfort ??? Always !

Ben · December 5, 2025, 2:10pm

On the question wether the PIN can be disabled by the end user;

Dear Mr. B.

The Federal Network Agency is not permitted to provide legal advice. Although the Federal Network Agency applies laws, it is ultimately the courts that interpret the laws in a binding manner. I am therefore answering your questions in light of our administrative practice. Due to the recently enacted Delegated Regulation (EU) 2022/30, the answers are primarily provided in the general context of the Radio Equipment Act.

With regard to PIN setting, the applicable standard EN 18031-3 specifies procedures, among other things. Here, it is also possible, among other things, that no password is set or used (see Chapter 6.2.5.1). In this case, however, the note in the published listing of the standard must be observed: “This harmonized standard does not establish a presumption of conformity with the essential requirement referred to in Article 3(3), first subparagraph, point (f) of Directive 2014/53/EU if, in applying clauses 6.2.5.1 and 6.2.5.2, the user is allowed not to set or use a password.”

This means that if no password needs to be assigned, a notified body must be involved in the conformity assessment procedure in order to ensure conformity in this case.

Best regards,
Ludger Meinders

leefowan · December 5, 2025, 3:29pm

I’m not live in europe, this is korea product, why am i need to follow their law?

leefowan · December 5, 2025, 3:31pm

security for WHAT?, why should hifi rose make us unhappy?

Smegel · December 5, 2025, 5:54pm

There are two issues.
Does your device store any PII information? Data protection on the device.
Wi-Fi … can your device get hacked and then bad actors use your wi-fi as an access point into your home network or other devices…

Now for the silly part.
In order to get to the Rose on any properly configured network… they have to gain control over your wi-fi hotspot / repeater / router … Your home devices are not normally visible to the internet except thru NAT.

Eleven · December 5, 2025, 5:57pm

Yes, very silly indeed.

BorisM · December 5, 2025, 10:32pm

Sillier still, the PIN might protect someone who is already at your home and has physical access to the Rose device from seeing your… Tidal username? Playlists? The horror!

It does not stop someone who had hacked into your home network from siphoning out any other data that may be stored in the device, if they really want to.

Ben · December 6, 2025, 7:03am

It is not the evil eye of one of your visitors at home.
It is scripts which automatically scan the internet and attached devices for exploitable security holes.
I know what i am talking about. I was once responsible for IT security in a company. The access point from the internet into corporate gets attacked many thousand times a day. Also your home router get such attacks…

As i said above. Security is always a compromise between comfort and security