EMC China Lab

EN 18031 Testing Services

Views :
Update time : 2025-02-24

The mandatory implementation date for the EU Radio Equipment Directive (RED) cybersecurity requirements under en 18031 is August 1, 2025. Although it has not yet been officially listed as a harmonized standard in the EU Official Journal (OJ), manufacturers are advised to prepare for compliance in advance.

 

Below is a comprehensive overview of the testing content for the EN 18031 series of standards, in line with the cybersecurity requirements of the EU Radio Equipment Directive (RED):

 

EN 18031 Testing Services(图1)


Standard Background and Scope

The EN 18031 series of standards was developed by the EU to implement the cybersecurity requirements under Article 3(3)(d), (e), and (f) of the RED Directive (2014/53/EU), specifically focused on securing networked radio equipment. This standard is divided into three parts, each addressing asset protection in different domains:

 

- EN 18031-1: Corresponding to Article 3(3)(d), focusing on cybersecurity assets (e.g., network infrastructure, communication protocols).

 

- EN 18031-2: Corresponding to Article 3(3)(e), focusing on privacy assets (e.g., personal identification information, health data).

 

- EN 18031-3: Corresponding to Article 3(3)(f), dedicated to the protection of financial assets (e.g., devices supporting cryptocurrency transactions or funds transfer).

 

Core Testing Content

1. General Security Mechanisms (Applicable to EN 18031-1/2/3):

 - Access Control Mechanism (ACM): Verifying the device’s ability to manage user permissions, preventing unauthorized operations.

 - Authentication Mechanism (AUM): Testing the reliability and anti-breach capabilities of multi-factor authentication (e.g., biometrics, dynamic passwords).

 - Secure Communication (SCM): Checking the encryption protocols for data transmission (e.g., TLS 1.3) and the ability to defend against man-in-the-middle attacks.

 - Secure Storage Mechanism (SSM): Evaluating encryption storage solutions for sensitive data (e.g., keys, transaction records), ensuring compliance with standards such as AES-256.

 - Secure Updates Mechanism (SUM): Verifying the integrity of firmware/software updates and anti-tampering mechanisms (e.g., digital signature verification).

 

2. Itemized Testing Focus:

 - EN 18031-3 (Financial Asset Protection):

 - Anti-fraud Functions: Testing the device's ability to identify and block abnormal transactions (e.g., phishing attacks, duplicate payments).

 - Key Management: Ensuring that pre-installed or generated encryption keys are ≥112 bits in length and verifying the security of the key lifecycle (generation, storage, destruction).

 - Log Mechanism (LGM): Ensuring the integrity, anti-tampering, and traceability of transaction logs.

 

 - EN 18031-2 (Privacy Protection):

 - Data Anonymization: Verifying the anonymization processes for personal privacy information (e.g., geolocation, payment records).

 - Compliance Auditing: Checking adherence to privacy regulations such as GDPR, ensuring data minimization principles.

 

 - EN 18031-1 (Cybersecurity):

 - Vulnerability Protection: Assessing the device’s attack resistance through penetration testing (e.g., SQL injection, DDoS attack simulation).

 - Network Segmentation: Verifying the device’s network segmentation and isolation mechanisms under abnormal traffic conditions.

 

Testing Process and Requirements

1. Document Preparation:

 - Submit an asset identification table that classifies security, network, privacy, and financial assets.

 - Provide technical documentation (design specifications, communication interface matrix, security policies).

 

2. Prototype Requirements:

 - Provide 4-6 prototypes (including 2-3 debug prototypes) with open debug interfaces (e.g., root access) to support in-depth testing.

 

3. Testing Timeline:

 - Documentation Submission: 4-12 weeks.

 - Functionality Testing: 8-12 weeks (including concept evaluation, functional verification, and fuzz testing).

 

Compliance Recommendations

- Plan Ahead: Due to the lengthy testing process, it is recommended to initiate the certification process at least 6 months before the mandatory implementation deadline.

- Collaborate with Certified Laboratories: Choose a third-party laboratory qualified under the RED directive for pre-testing to optimize design flaws.

- Ongoing Maintenance: Regularly update security patches and maintain records of updates to ensure compliance throughout the device's lifecycle.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Proposition 65 Testing Laboratories Proposition 65 Testing Laboratories
04 .01.2025
China JJR Laboratory provides Proposition 65 testing to ensure compliance with California’s chemical...
CPSIA Compliance Test CPSIA Compliance Test
04 .01.2025
CPSIA compliance ensures children‘s product safety. China JJR Laboratory provides testing for materi...
RoHS Ten Tests RoHS Ten Tests
04 .01.2025
RoHS limits ten hazardous substances in electronics to protect health and the environment. Complianc...
Guide to Export Certification for Robotic Vacuum C Guide to Export Certification for Robotic Vacuum C
04 .01.2025
Guide to Export Certification for Robotic Vacuums: Covers CCC, SRRC (China), NCC (Taiwan), CE, RoHS,...
China Ingress Protection Test Laboratory China Ingress Protection Test Laboratory
04 .01.2025
China JJR Lab provides Ingress Protection (IP) testing for dust and water resistance, ensuring produ...
EU CE Certification RED Cybersecurity Directive EU CE Certification RED Cybersecurity Directive
04 .01.2025
EU CE RED Cybersecurity Directive mandates compliance with 3.3d/e/f from August 1, 2025. JJR Lab Chi...
Air Cooler CE Certification Testing Air Cooler CE Certification Testing
03 .31.2025
Air coolers require CE certification for Europe. Testing by China JJR Laboratory ensures compliance ...
Electric Hammer CE Certification Testing Electric Hammer CE Certification Testing
03 .31.2025
Electric hammer CE certification testing by China JJR Laboratory ensures compliance with EU standard...

Leave Your Message