The End of Open Android? EU’s New Law Forces Samsung & Others to Lock Bootloaders
As of August 1, 2025, the European Union has enacted new cybersecurity requirements for smartphones and other radio equipment—amendments introduced under the revised Directive 2014/53/EU (RED) and supplemented by Delegated Regulation 2022/30. These new regulations effectively eliminate one of Android’s hallmark features: the ability to unlock the bootloader.
Samsung was the first to respond, discreetly disabling the bootloader unlock function in its OneUI 8 firmware. This move is a direct consequence of RED’s mandate that manufacturers guarantee the cryptographic integrity of all firmware components. Now, companies such as Xiaomi, Google, and other Android brands must either follow suit or risk losing their certification for the European market.
Under the directive, all devices sold within the EU are required to:
– block the installation of unauthorized software,
– implement technologies such as Secure Boot,
– and run only firmware digitally signed by the manufacturer.
Although the bootloader itself is not explicitly mentioned, the requirement for comprehensive software authenticity verification precludes its unlocking in its current form.
Until now, Android remained the last major platform that embraced customization—allowing users and enterprises to install custom ROMs and tailor devices to their specific needs. This will soon become a relic of the past. Every piece of software must now be verified and signed; incompatible or modified builds will be blocked at the hardware level. These changes affect not only individuals but also businesses that previously relied on specialized Android versions.
Samsung’s decision marks a strategic effort to comply with the new standards even before their enforcement date. Other manufacturers are expected to follow quickly. Without RED compliance, devices cannot bear the CE marking and are thus barred from entering the EU market.
Consequently, Android smartphones in Europe are edging closer to the walled-garden model long associated with the iPhone. Users will lose access to root privileges, custom ROMs, and debugging tools. In place of an open ecosystem, we now face centralized updates restricted to official builds and firmware-level launch control.
Even Xiaomi—often seen as a champion of flexibility—is bracing for constraints. In China, bootloaders are already locked; in European versions of HyperOS 3, mandatory firmware validation and Secure Boot are expected to follow. While exceptions may remain for certain enterprise models, the average user will no longer enjoy such freedoms.
For most, this shift signals a rise in security—offering protection from malicious firmware modifications. Yet for enthusiasts and professional users, it marks the end of an era. The Android many once knew is fading—at least within the borders of the European Union.
