EU is banning bootloaders unlock?

cdflasdkesalkjfkdfkjsdajfd

Hello, expansion of the RED Directive (2014/53/EU) that comes into effect on August 1, 2025.
It seems that this directive indirectly prohibits the unlocking of bootloaders.

https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng

de0u

cdflasdkesalkjfkdfkjsdajfd ~~I skimmed it for a while, but it's gigantic. Is it possible to indicate specific text that is believed to implicate bootloader unlocking?~~

I saw some discussion of replaceable software being OK as long as the effects are OK. I believe on Pixels baseband firmware is signed by Google.

GrapheneOS

cdflasdkesalkjfkdfkjsdajfd

It seems that this directive indirectly prohibits the unlocking of bootloaders.

It does not do that and we do not expect any issues for GrapheneOS based on this.

DeletedUser421

Which part exactly?

cdflasdkesalkjfkdfkjsdajfd

(preamble 6) "Equipment which intentionally emits or receives radio waves for the purpose of radio communication or radiodetermination makes systematic use of radio spectrum. In order to ensure an efficient use of radio spectrum so as to avoid harmful interference, all such equipment should fall within the scope of this Directive."
...
(article 3)
“Radio equipment shall be constructed so that it supports certain features ensuring that software can only be installed if the compliance of the combination of the radio equipment and the software has been demonstrated.”

Implication: Installing custom ROMs or modified firmware (which often requires unlocking the bootloader) could violate this requirement
...
(article 10)
" Manufacturers shall ensure that radio equipment shall be so constructed that it can be operated in at least one Member State without infringing applicable requirements on the use of radio spectrum."

Implication: If a user installs non-certified software, the manufacturer could be held liable unless they prevent such modifications—leading them to lock bootloaders permanently to avoid legal risk.

tac

cdflasdkesalkjfkdfkjsdajfd As de0u said above, I also understand it as only applicable to the radio firmware directly.

wonder75

I would identify "Radio equipment" in a phone as the baseband chip, not the OS.
The EU might see it different though.

argante

These people live in the belief that a snail is a fish, so you can expect anything from them.

Please note that Wi-Fi uses radio waves to transmit data. I agree that this regulation could make it impossible to unlock the bootloader. If there's any uncertainty, it's done to minimize the risk.

de0u

argante Please note that Wi-Fi uses radio waves to transmit data. I agree that this regulation could make it impossible to unlock the bootloader. If there's any uncertainty, it's done to minimize the risk.

I think many are aware of that. I am even professionally aware of that.

But the directive does not say that all risk must be reduced, bootloaders must be locked, etc. And in fact it very clearly contemplates installable software. Here is paragraph 16 of the "whereas" section of the document, with emphasis added:

The compliance of some categories of radio equipment with the essential requirements set out in this Directive may be affected by the inclusion of software or modification of its existing software. The user, the radio equipment or a third party should only be able to load software into the radio equipment where this does not compromise the subsequent compliance of that radio equipment with the applicable essential requirements.

The authors of the Directive very clearly understand that end users load software into radios, and are explicitly ok with end users loading software into radios as long as appropriate results are achieved.

But there's more! Paragraph 19, again with my emphasis added:

Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties.

So the authors of the Directive would actually prefer for radio manufacturers to allow end users to install software that wasn't written by the manufacturer.

I think if anybody wants to argue that this Directive will require cellular handset manufacturers to lock bootloaders then it would be good for such a party to read the whole document and present an argument based on the entire document (including not just the "whereas" clauses but the text of the Articles, which are the parts that are the most directly operative).

KitsuneNoBaka

argante Ad to EU: they don't belief that snail is a fish. They belief that paper takes all bullshit as long as powerful want's it and there are money to make.

Eirikr70

Graphene1 I really thought that de0u had closed this absurd debate, but it seems like some of us like to frighten themselves for no reason...

other8026

Posted this in another thread, but figure it is relevant here too. The project account said this in response to someone asking about the news.

We don't think there's going to be any issue for us from this.

X link | X Cancel link

argante

GrapheneOS https://www.dday.it/redazione/53894/la-fine-delle-custom-rom-e-dei-bootloader-sbloccati-in-europa-samsung-la-prima-gli-altri-seguiranno

Translated:

Why RED impacts custom ROMs even if installed aftermarket

Today, systems like GrapheneOS, but this also applies to custom ROMs, are not distributed in Europe as operating systems for finished devices. Instead, they are promoted for use as operating systems for devices already on the market.

This means they are not directly subject to the RED Directive; they simply must be careful not to alter the behavior of the radio module in a way that violates RED requirements and must preserve the original device's compliance mechanisms. If a ROM introduces modifications to the radio drivers, its developer could be held jointly responsible for the device's non-compliance.

The real problem is that if GrapheneOS, or another ROM, enables the illicit use of radio frequencies or has the potential to alter the radio component in any way, the device manufacturer or the importer into the EU could also be held liable. This is why bootloaders are blocked by manufacturers: if third-party software can modify the radio component, they are responsible.

de0u

argante the potential to alter the radio component in any way?

Is the suggestion that Linux on laptops is over in the EU, because it's easy to replace the upper-level Bluetooth software, and potentially tweak power levels?

monogram

argante GrapheneOS https://www.dday.it/redazione/53894/la-fine-delle-custom-rom-e-dei-bootloader-sbloccati-in-europa-samsung-la-prima-gli-altri-seguiranno

argante similarly interesting point - somehow I keep coming across Italian articles: https://www.smartworld.it/news/android-bootloader-rom-bloccati-direttiva-europa.html

Those "articles" are just braindead translations of a groundless and likely AI-generated text from Xiaomitime.com which is making up connections between unrelated facts.
I'd simply disregard them.

GrapheneOS

argante It's not accurate. GrapheneOS is not a ROM and this law doesn't have an impact on GrapheneOS which it wouldn't have on a laptop/desktop where there are also radio drivers and the OS setting the regulation region. They're not thinking or writing about this logically. It's not what the law does. Contrary to common misconceptions, smartphones are also not the only personal computers with radios...

argante This is not accurate either. It's not known what's going to happen with the age verification stuff yet and whether GrapheneOS will be permitted.

mttc

de0u im my opinion locking Firmware or looking complete operating systems esse completly different thing. If the law would really prohibit getting root permissions on my PC, that would be a disaster and should not be accepted by any owner or company. On mobile devices it seems to go in this direction, which would mean passing root permissions to big companies in the US or China.
First manufacturers start dropping the possibility to Unlock bootloaders such as Samsung, Oppo, Xiaomi.

argante

similarly interesting point - somehow I keep coming across Italian articles: https://www.smartworld.it/news/android-bootloader-rom-bloccati-direttiva-europa.html

The news comes just days after another European initiative: the new age verification app, which for security reasons excludes uncertified Android devices. Here too, the result is the same: less freedom for users who choose alternatives to the official system.

Graphene1

GrapheneOS we don't know whether GrapeneOS will be permitted. What a crazy dystopian time line we are entering.

argante

GrapheneOS This is not accurate either. It's not known what's going to happen with the age verification stuff yet and whether GrapheneOS will be permitted.

US congress.gov - It's just a project, but look at the direction they're going and clearly point to the device and operating system.

SEC. 107. Age verification study and report.

(a) Study.—The Secretary of Commerce, in coordination with the Federal Communications Commission and the Federal Trade Commission, shall conduct a study evaluating the most technologically feasible methods and options for developing systems to verify age at the device or operating system level.

(b) Contents.—Such study shall consider—

(1) the benefits of creating a device or operating system level age verification system;

Graphene1

Eirikr70 read GrapheneOS's above reply.

"It's not known what's going to happen with the age verification stuff yet and whether GrapheneOS will be permitted."

Eirikr70

Graphene1 You are mentioning a different point. This thread is about the EU regulation of the firmwares. We can wait and see what happens for the age verification, to which another thread is dedicated.