Samsung has decided to proceed with the Bootloader blocking also in Europe, a move that has caused a lot of discussion. Behind this choice is a European regulation that will come into force in August 2025 and which risks changing smartphone usage in Europe forever. This is why other manufacturers may soon follow suit.
From 1 August 2025, new provisions will come into force RED Directive (Radio Equipment Directive), which redefines the compliance requirements for all radio devices sold in Europe. This is a significant change, not so much for the amount of regulations introduced, but for the effect they will have on the entire Android ecosystem. The issue revolves around three articles that impose specific protections: against network interference, personal data compromise, and digital fraud. These are, in themselves, sacrosanct rules.
But the crux comes with the interpretation prevailingEach device must ensure full compliance not only with the hardware, but also with the software that controls the radio modules. This is where the bootloader comes in. Unlocking it essentially allows you to replace the original operating system with an alternative one, such as LineageOS or GrapheneOS.
But these systems, if they modify the radio drivers even minimally, invalidate the CE certification. An uncertified device can no longer be legally marketed or used, at least according to the most stringent reading of the law.
This scenario has therefore led Samsung to protect its devices. Not on a whim, but to avoid any software modifications falling under your legal liability. If a user installs a ROM that interferes with radio frequencies or compromises communications security, the manufacturer (and in some cases the importer) may be held directly liable.
RED does not explicitly talk about unlocking the Bootloader or custom ROM, but it opens one regulatory space in which the margins for maneuver are they narrow. And in doing so, it provides a solid argument for those who have been trying for years to close the loop between hardware, software, and services. After all, customizing the operating system also means breaking away from proprietary services and, therefore, from the model that ties the user to the brand.
Samsung is just the first to move, but it’s hard to imagine it will be the only one. Starting in August 2025, it’s very likely that other manufacturers will follow suit, at least for the European market.
Has anyone verified what this article says?
Here’s the law in question: https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng It doesn’t seem to imply what the article implies.
Also, here are some things from the discussion on HN
As is usual, there seems to be a massive misunderstanding what the directive is and means. The TLDR is that the directive contains no clauses that compels phone makers to keep the Android bootloader locked or that forbids EU users from unlocking it.
Samsung’s public reasoning might be that disabling unlocking the bootloader because of the directive, but there is nothing in the directive that forces them to lock the bootloader. It does sound like a convenient scapegoat if they don’t want to talk about the real reasons though.
The phone makes who end up disabling the unlocking of bootloaders are all doing so on their own accord, not because some regulation is forcing them to.
Finally, the EU’s broader right-to-repair policies makes it kind of impossible that an outright prohibition of unlocking the bootloader could happen. But of course, nuance doesn’t make people click article titles on the web…
I think it’s Samsung that interpreted the rule at their advantage in a way that sends more devices to the landfill
This was the only reason I liked Android over iOS: the CFW community. I’ve been running some sort of CFW since Android 4.0. Now, the charm has gone. GrapheneOS, SailfishOS, e/OS, LineageOS, iode OS, and even CyanogenMod – I’ve used them all. Each one has its own target group and use case. I hope it turns into the better one again. It’s like forcing a PC to only run the OS it’s delivered with.
It’s like forcing a PC to only run the OS it’s delivered with.
That’s coming. Everything else has been locked down.
I’m also convinced that we’ll be herded ever more toward cloud computing. That is, we’ll all have our “desktop” on the cloud and thin clients to access it.
Don’t get me started on the dystopia I see coming from that.
Yup. It’s another product they’ll try to turn into a service so you’re locked in forever. Allowing people to pay once for their products is bad business.
Copyright and patents abolition would solve this.
You gonna pay this subscription or you are going to die
Yea I can see it becoming a legal requirement for hardware to be certified and monitored to make sure it hasn’t deviated from an approved configuration. Think of the children, it could be used for crimes if not. Self hosting will completely die and any chance of digital freedom completely killed.
whether thin clients will prevail depends on the network costs and the CPU costs.
if the network costs become really low, shuffling more data around between user-device and server might be doable, but as long as network costs are non-negligible, it won’t happen.
In a lot of places, fast Internet is ubiquitous and cheap.
Yeah there’s going to be a few places that will be problematic. But most can get access to fast Internet now I think.
Also for non gaming the data requirement isn’t so much.
I’m not talking about short term. It’s a medium to longer term thing. But it will start to become commonplace soon I reckon.
I also used rooting at the beginning (Android 4.0 to 7.0) but realized that it is a little bit of a security problem, so I later used cfw without rooting the device. But root was a lot of fun, like cpu scheduler tweaks, apk patches or system mods. TWRP simple backups and restores. System Application removal (daim Facebook App…… 2014 users will remember)
Like how the cellular module is proprietary and locked down, even on something like a Librem phone. Or like how DVD players had use proprietary software to comply with DRM.
If I remember correctly, the cellular chip is also closed source on the BraXPhone. This was one of the criticisms that I heard.
The EU is pretty disappointing.
Did you read the directive? https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng
Fuck smart phones and neo feudalism. This is theft of ownership with a criminal complicit government. I applaud all Luigi’s these people deserve it. These are the killers of democracy. If your device only runs factory filtered stalkerware garbage, all democracy is dead. All information is easily filtered by this proprietary shit. Freedom of the press is a bullshit tiny niche of the broader requirement for a fully informed public. The fucking “press” is bullshit to highlight. You must have fully informed citizens and you may not choose how that information is shared or disseminated between citizens. This is not democracy. People are so fucking stupid.
Notice how the article implies Samsung and other corporations don’t want to do this, even though it’s something they’ve wanted to do for a long time? They almost certainly lobbied and ghost wrote most of this legislation to begin with; now they play the victim, even though they’re a perpetrator.
Jesus, how do you people always come up with the most inane conspiracies. I have a company that manufactures devices that communicate wirelessly. The new RED is a huge pain in the ass, along with the CRA.
Absolutely no company pushed for this. The new legislations and directives cause a ton of additional work and obligations for companies, e. g. software has to be certified as part of the compliance check, things that were previously approved via self-reports now involve trusted 3rd parties, and reports of violations to government bodies are now mandatory.
And you know what, even though this costs a bunch of money that could go elsewhere and the whole thing is so new that even the certification bodies have no idea what is going on, even though we have to setup completely new processes, spend endless hours documenting things, I still appreciate both initiatives.
As an end customer, I would love if e. g. the software that runs on the mobile payment terminal taking my card info is certified. I would love if the developer of the software running on the PLC on my shop floor has to check CVEs, inform me about security issues and has to deliver 5 to 10 years of updates.
Not a fan of Samsung and their shitty software, but they’re simply preemptively covering their ass, nothing more.
I’d also still want to unlock my bootloader. I’m sure the whole legal situation will become less muddled, enabling just that.
Notice how the article implies Samsung and other corporations don’t want to do this, even though it’s something they’ve wanted to do for a long time?
It’s already disproportionately difficult to just root a Samsung phone, so this change perfectly fits the pattern. (Posting this from a new Samsung phone that I’m desperately trying to root.)
I just don’t buy android anymore. It sucks. Apple you always sucked too. Annoyingly society kinda requires me to have a phone so I will just get what ever someone else is throwing away or is very cheap second hand.
Reject their devices is the only real choice you can make. Don’t give them money.
deleted by creator
It feels like a generation from now, doing what was common in the US during the creation of Apple and Microsoft will be considered terrorism.
Haha i’m glad we’re known for that in the eu
I’ve read once that the reason Eltz castle in Germany (a kinda often encountered on the Web nice-fantasy-looking piece of fortification) was spared by the French from burning is because one of the family members was a French officer. There’s plenty of ruins around.
OK, speaking about protest - you guys are also known for the Napoleon code, the guillotine, the freedom-equality-brotherhood stuff, de Saint-Exupery, so mostly good things. I mean, there are also de Sade and Dienbienphu, but shutting up.
You connect a wire to a battery and you just created an illegal transmitter!
Yes. I guess no more nine volt batteries in Europe. Or maybe we should focus on banning the sale of assorted lengths of wire.
“This scenario has therefore led Samsung to protect its devices.”
oh golly, poor korean mafia.
Are people still doing this? Android is pretty open these days as stock
Is it?
Android uses Apache License 2.0, which means vendors can modify and distribute without publishing their modifications, like include proprietary blobs and other proprietary code.
It’s like using Google Chrome instead of Chromium.
Yes you can debloat the system, but many system apps can’t be disabled without breaking the system, and ROMs based on AOSP the code can be reviewed or modified and built it yourself.
Xiaomi and mostly stock ROMs these days come bundled with ads, and apps that collect user data, even with debloat or DNS blackhole isn’t 100% private or better than a custom ROM.
That’s why Graphene and CalyxOS exist.Graphene and CalyxOS are not long for this non-unlockable bootloader world
Wait, what does that mean for USB LTE devices? Devices that you can attack to a desktop computer to give you mobile internet. Last time i checked, they’re widely available.
Would these become illegal as well?
I hate the fact that the more technologically literate you are, the more you run away from it.
A smartphone with latest android, Gemini, google pay, a smartwatch, ChatGPT and a smart home?
Nope, I would rather have a Linux phone that is mostly incompatible with what is expected of modern smartphones, no AI please! Google pay? Only cash or monero! My watch is very smart, it can telle the time for a few years without a recharge, and nothing else!
If a user installs a ROM that interferes with radio frequencies or compromises communications security, the manufacturer (and in some cases the importer) may be held directly liable.
IIRC they’re already doing this in China. I got hold of a chinese phone a while ago, and there was no way to install your own OS on it, you just had to use what came pre-installed, and i don’t know how much state-sponsored surveillance was on that.
what an utter bullshit! will the manufacturer be also directly held liable if someone uses a phone of their brand to make a picture about me without authorization! of fucking course not!
fuck samsung, and all the manufacturers that follow suit, because this is just not needed.
but also fuck the red directive’s decision makers for their unsatiable creep of wanting ever more power over our devices! this is exactly like saying, that there is this illegal thing, and if you are not doing it, but just have the slightest ability to do it, that is also illegal. what the actual fuck! get off my fucking phone you scumbags!!
So I will have to import hardware or cease buying smartphones altogether. MiFi router tethering with WiFi tablets and dumbphones are quite enough.
Wifi tablet will also be non-bootloader unlockable
Dumbphones don’t need wifi, they don’t have data
This sounds like bullshit.
An uncertified device can no longer be legally marketed or used
Ok, but I’m not marketing my LineageOS phone and I don’t believe Samsung can be responsible for me using it. It sounds like phones with custom ROM will simply lose CE certification (unless the custom ROM is itself certified). Samsung obtains the CE certification and sells certified phone. Making them responsible for anything that happens after that (besides regular updates) is something completely different than what this article talks about. It would basically mean that Samsung has to make sure that their devices cannot be hacked/rooted but ensuring security of hardware and software is something completely different and is covered by different laws. Even the RAD website clearly says this:
“In 2021, the Commission decided to pause the initiative following the announcement of the Cyber Resilience Act (CRA), due to potential overlaps. In 2023, it was agreed that cybersecurity requirements would transfer from the Radio Equipment Directive (RED) to the CRA.”
