Would it be possible to make a case that components such as Radio Modules and SOMs are exempt from RED Cyber since they are 1) not end-products and 2) would have to go through end-product testing again anyway?

Answer

The short answer is no, it is not possible to categorically exempt radio modules or system-on-modules (SOMs) from the requirements of RED Article 3.3 (d), (e), or (f) solely because they are components and not end products.  

The applicability of RED Cyber provisions depends on the technical capabilities of the product, such as whether it can establish an IP-based Internet connection or process private, navigation, or financial data.