Samsung has decided to proceed with the Bootloader blocking also in Europe, a move that has caused a lot of discussion. Behind this choice is a European regulation that will come into force in August 2025 and which risks changing smartphone usage in Europe forever. This is why other manufacturers may soon follow suit.
From 1 August 2025, new provisions will come into force RED Directive (Radio Equipment Directive), which redefines the compliance requirements for all radio devices sold in Europe. This is a significant change, not so much for the amount of regulations introduced, but for the effect they will have on the entire Android ecosystem. The issue revolves around three articles that impose specific protections: against network interference, personal data compromise, and digital fraud. These are, in themselves, sacrosanct rules.
But the crux comes with the interpretation prevailingEach device must ensure full compliance not only with the hardware, but also with the software that controls the radio modules. This is where the bootloader comes in. Unlocking it essentially allows you to replace the original operating system with an alternative one, such as LineageOS or GrapheneOS.
But these systems, if they modify the radio drivers even minimally, invalidate the CE certification. An uncertified device can no longer be legally marketed or used, at least according to the most stringent reading of the law.
This scenario has therefore led Samsung to protect its devices. Not on a whim, but to avoid any software modifications falling under your legal liability. If a user installs a ROM that interferes with radio frequencies or compromises communications security, the manufacturer (and in some cases the importer) may be held directly liable.
RED does not explicitly talk about unlocking the Bootloader or custom ROM, but it opens one regulatory space in which the margins for maneuver are they narrow. And in doing so, it provides a solid argument for those who have been trying for years to close the loop between hardware, software, and services. After all, customizing the operating system also means breaking away from proprietary services and, therefore, from the model that ties the user to the brand.
Samsung is just the first to move, but it’s hard to imagine it will be the only one. Starting in August 2025, it’s very likely that other manufacturers will follow suit, at least for the European market.
The reasoning behind it is such bullshit, since the radio chip runs it’s own OS anways.
Btw, the RIL partition (that can break radio if somethings wrong) only communicates with the chip OS. And it’s finicky because every chip & OS version has different nuances in the protocol.
I hate the fact that the more technologically literate you are, the more you run away from it.
A smartphone with latest android, Gemini, google pay, a smartwatch, ChatGPT and a smart home?
Nope, I would rather have a Linux phone that is mostly incompatible with what is expected of modern smartphones, no AI please! Google pay? Only cash or monero! My watch is very smart, it can telle the time for a few years without a recharge, and nothing else!
This was the only reason I liked Android over iOS: the CFW community. I’ve been running some sort of CFW since Android 4.0. Now, the charm has gone. GrapheneOS, SailfishOS, e/OS, LineageOS, iode OS, and even CyanogenMod – I’ve used them all. Each one has its own target group and use case. I hope it turns into the better one again. It’s like forcing a PC to only run the OS it’s delivered with.
This sounds like bullshit.
An uncertified device can no longer be legally marketed or used
Ok, but I’m not marketing my LineageOS phone and I don’t believe Samsung can be responsible for me using it. It sounds like phones with custom ROM will simply lose CE certification (unless the custom ROM is itself certified). Samsung obtains the CE certification and sells certified phone. Making them responsible for anything that happens after that (besides regular updates) is something completely different than what this article talks about. It would basically mean that Samsung has to make sure that their devices cannot be hacked/rooted but ensuring security of hardware and software is something completely different and is covered by different laws. Even the RAD website clearly says this:
“In 2021, the Commission decided to pause the initiative following the announcement of the Cyber Resilience Act (CRA), due to potential overlaps. In 2023, it was agreed that cybersecurity requirements would transfer from the Radio Equipment Directive (RED) to the CRA.”
An uncertified device can no longer be … used
Oh, fuck. Call the French, they have the most active civil society that actually can burn a thing or two during a week or two. That is the craziest law ever, denying the most basic human rights! That is literally a prohibition of DIY of any kind.
You connect a wire to a battery and you just created an illegal transmitter!
Yes. I guess no more nine volt batteries in Europe. Or maybe we should focus on banning the sale of assorted lengths of wire.
Lately I’m more and more disappointed in EU legislations. Especially having to live with them…
I mean, this is corporations using decent regulations as an excuse to do something they’ve probably already wanted to do.
Like how the cellular module is proprietary and locked down, even on something like a Librem phone. Or like how DVD players had to use proprietary software to force comply with DRM.
Wait - is this about all radio devices or only mobile connectivity ones?
I.e., is WiFi affected as well? Or does it only affect internet that you access through your carrier?
The article says:
From 1 August 2025, new provisions will come into force RED Directive (Radio Equipment Directive), which redefines the compliance requirements for all radio devices sold in Europe.
Which technically would also affect WiFi.
Has anyone verified what this article says?
Here’s the directive in question: https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng It doesn’t seem to imply what the article implies.
Also, here are some things from the discussion on HN
As is usual, there seems to be a massive misunderstanding what the directive is and means. The TLDR is that the directive contains no clauses that compels phone makers to keep the Android bootloader locked or that forbids EU users from unlocking it.
Samsung’s public reasoning might be that disabling unlocking the bootloader because of the directive, but there is nothing in the directive that forces them to lock the bootloader. It does sound like a convenient scapegoat if they don’t want to talk about the real reasons though.
The phone makes who end up disabling the unlocking of bootloaders are all doing so on their own accord, not because some regulation is forcing them to.
Finally, the EU’s broader right-to-repair policies makes it kind of impossible that an outright prohibition of unlocking the bootloader could happen. But of course, nuance doesn’t make people click article titles on the web…
I think it’s Samsung that interpreted the rule at their advantage in a way that sends more devices to the landfill
The whole smart phone thing is such a lesson in letting go of the rope.
Once you let corporations get away with a little, they will eventually take everything.
Every time we lost a bit of control me and a few of enthusiasts were screaming, but the regular populace just shrugged…
Even on reddit you’d have to argue with idiots “oh just use Bluetooth headphones! Oh who needs sd cards, just use the cloud! Oh who needs rooting, it’s not needed”
I swear to god if Windows / OS were invented today 80 of people would just shrug as all control of their PC was taken away.
Is this also the end of Software-Defined Radio in Europe?
and by extension possibly secure router firmware like OpenWRT too?
Wait, what does that mean for USB LTE devices? Devices that you can attack to a desktop computer to give you mobile internet. Last time i checked, they’re widely available.
Would these become illegal as well?
Chat message scanning can come in October, age verification is also introduced in various countries. Things are getting serious.
WTF just happened in Europe in the last few months. We used to be some sort of (dimmly lit) beacon of user freedom and privacy considerations. Now, I know there’s been a push for new legislations that basically fuck individual privacy over, but last I checked it was just a proposal. And now we’re doing a fucking 1260° turn toward full stanglehold on everything.
There’s also this article from yesterday: Austria legalises state spyware amidst strong opposition
i wonder what changed. these regulations are certainly a threat. they justified it with the “threat of (islamistic) terrorism”, though i don’t know what’s really going on there.
I mean, Mexico has never been a beacon of privacy or regulations (just for super specific technologies that were implemented first, mostly banking ones), but the government has also been pushing weird changes to how they handle surveillance and personal identifications, giving more power to the authorities while they’re exempt for most of the transparency laws (everything they do, even public infrastructure is managed as some kind of ‘state secret’).
I am scared.
This is really badly written, and that particularly annoys me because the subject matter is actually important.
