CE-RED Compliance Certification
JTag Port disable
Written by Simone Naidoo
Updated at January 27th, 2026
Table of Contents
Overview of the New CE-RED Regulations for Digital Matter Products
In accordance with the updated European Union Radio Directive (CE-RED) , all internet-connected radio equipment placed on the EU market after 1 August 2025 must comply with enhanced cybersecurity requirements.
Physical access to the device must be restricted. For Digital Manager devices, physical access refers specifically to access to the JTAG port, which is used to connect the device to the provisioning tool. Access to this port must be restricted to authorized personnel only.
To meet the new regulatory requirements, updated firmware has been implemented. This firmware is applied as standard during production on all newly manufactured devices.
For limited quantities of existing stock, the firmware is applied via an over-the-air (OTA) update before shipping.
You may have noticed that the firmware has been queued and an admin template has been applied.
Once disabled, the Debug port/JTag port cannot be re-enabled, as per the regulatory requirement.
What does this mean for device configuration using the DM link
The provisioning tool may be used to set APNs, admin parameters, and other configuration settings during initial setup.
Once the device connects to Device Manager and retrieves the new update, further access via the provisioning tool is prevented.
Impact on Device Provisioning
- All device firmware and parameter updates are managed over the air via Device Manager.
- In most cases, devices connect automatically on first power-up and can then be fully managed through Device Manager.
- If a device does not initially connect, the provisioning tool may be used to configure the required parameters to enable the first connection.
- Once the device has connected, the provisioning tool will no longer be able to connect, in accordance with CE-RED requirements.
Troubleshooting
What if I set the incorrect APN?
The fallback mechanism:
When a device connects successfully, it stores the current (i.e, proven to be working) admin parameters in memory.
Then, if it is unable to connect for over 3 days, and there has been a parameter change, it will do the following.
Revert to the ‘last known working’ set of admin parameters and attempt a connection
If a device is not able to successfully register on the network for 3 days, it will attempt an upload with a 10-minute registration timeout (i.e, leave the modem on for 10 minutes continuously). This is a fail-safe to allow a device to reconnect if something has gone wrong (i.e,. misconfigured settings, timeouts).
The device will use this set of parameters for 8 hours, giving the device a chance to get online and download an updated set of admin parameters
After 8 hours, the device will revert to the current admin parameters. And the 3-day cycle begins again.
What if I need to reset the APN on my device?
- Insert a functioning SIM card into the device
- Set the new fixed APN OTA via Device Manager
- Wait for the upload so the device can download and apply the new APN settings
- Insert the new SM card, and the device will connect if the APN is correct
Device not committing and connecting
You can still follow the normal troubleshooting steps, Since Committed/Since Connected and Troubleshooting - Digital Matter
