EMC China Lab

EN 18031 Testing Services

Views :
Update time : 2025-02-24

The mandatory implementation date for the EU Radio Equipment Directive (RED) cybersecurity requirements under en 18031 is August 1, 2025. Although it has not yet been officially listed as a harmonized standard in the EU Official Journal (OJ), manufacturers are advised to prepare for compliance in advance.

 

Below is a comprehensive overview of the testing content for the EN 18031 series of standards, in line with the cybersecurity requirements of the EU Radio Equipment Directive (RED):

 

EN 18031 Testing Services(图1)


Standard Background and Scope

The EN 18031 series of standards was developed by the EU to implement the cybersecurity requirements under Article 3(3)(d), (e), and (f) of the RED Directive (2014/53/EU), specifically focused on securing networked radio equipment. This standard is divided into three parts, each addressing asset protection in different domains:

 

- EN 18031-1: Corresponding to Article 3(3)(d), focusing on cybersecurity assets (e.g., network infrastructure, communication protocols).

 

- EN 18031-2: Corresponding to Article 3(3)(e), focusing on privacy assets (e.g., personal identification information, health data).

 

- EN 18031-3: Corresponding to Article 3(3)(f), dedicated to the protection of financial assets (e.g., devices supporting cryptocurrency transactions or funds transfer).

 

Core Testing Content

1. General Security Mechanisms (Applicable to EN 18031-1/2/3):

 - Access Control Mechanism (ACM): Verifying the device’s ability to manage user permissions, preventing unauthorized operations.

 - Authentication Mechanism (AUM): Testing the reliability and anti-breach capabilities of multi-factor authentication (e.g., biometrics, dynamic passwords).

 - Secure Communication (SCM): Checking the encryption protocols for data transmission (e.g., TLS 1.3) and the ability to defend against man-in-the-middle attacks.

 - Secure Storage Mechanism (SSM): Evaluating encryption storage solutions for sensitive data (e.g., keys, transaction records), ensuring compliance with standards such as AES-256.

 - Secure Updates Mechanism (SUM): Verifying the integrity of firmware/software updates and anti-tampering mechanisms (e.g., digital signature verification).

 

2. Itemized Testing Focus:

 - EN 18031-3 (Financial Asset Protection):

 - Anti-fraud Functions: Testing the device's ability to identify and block abnormal transactions (e.g., phishing attacks, duplicate payments).

 - Key Management: Ensuring that pre-installed or generated encryption keys are ≥112 bits in length and verifying the security of the key lifecycle (generation, storage, destruction).

 - Log Mechanism (LGM): Ensuring the integrity, anti-tampering, and traceability of transaction logs.

 

 - EN 18031-2 (Privacy Protection):

 - Data Anonymization: Verifying the anonymization processes for personal privacy information (e.g., geolocation, payment records).

 - Compliance Auditing: Checking adherence to privacy regulations such as GDPR, ensuring data minimization principles.

 

 - EN 18031-1 (Cybersecurity):

 - Vulnerability Protection: Assessing the device’s attack resistance through penetration testing (e.g., SQL injection, DDoS attack simulation).

 - Network Segmentation: Verifying the device’s network segmentation and isolation mechanisms under abnormal traffic conditions.

 

Testing Process and Requirements

1. Document Preparation:

 - Submit an asset identification table that classifies security, network, privacy, and financial assets.

 - Provide technical documentation (design specifications, communication interface matrix, security policies).

 

2. Prototype Requirements:

 - Provide 4-6 prototypes (including 2-3 debug prototypes) with open debug interfaces (e.g., root access) to support in-depth testing.

 

3. Testing Timeline:

 - Documentation Submission: 4-12 weeks.

 - Functionality Testing: 8-12 weeks (including concept evaluation, functional verification, and fuzz testing).

 

Compliance Recommendations

- Plan Ahead: Due to the lengthy testing process, it is recommended to initiate the certification process at least 6 months before the mandatory implementation deadline.

- Collaborate with Certified Laboratories: Choose a third-party laboratory qualified under the RED directive for pre-testing to optimize design flaws.

- Ongoing Maintenance: Regularly update security patches and maintain records of updates to ensure compliance throughout the device's lifecycle.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Packaging Validation ISO 11607 Test Report Packaging Validation ISO 11607 Test Report
04 .25.2025
ISO 11607 packaging validation testing provided by China’s JJR Lab ensures medical devices meet safe...
What is the ISO 11607-1 Packaging Validation Test? What is the ISO 11607-1 Packaging Validation Test?
04 .25.2025
ISO 11607-1 ensures sterile medical packaging meets global safety standards. JJR Lab in China offers...
How to get an ISO 11737-1 Test Report? How to get an ISO 11737-1 Test Report?
04 .25.2025
Bioburden testing per EN ISO 11737-1 ensures medical device safety pre-sterilization. JJR Lab in Chi...
Orthopedic Implant Cleanliness Testing Orthopedic Implant Cleanliness Testing
04 .25.2025
Orthopedic implant cleanliness is key for biocompatibility and sterilization. China JJR Laboratory o...
What is ISO 10993-23:2021 Irritation Testing? What is ISO 10993-23:2021 Irritation Testing?
04 .25.2025
ISO 10993-23:2021 evaluates irritation risks of medical devices using in vitro/in vivo methods. JJR ...
ISO 10993-23 Irritation Testing Laboratory ISO 10993-23 Irritation Testing Laboratory
04 .25.2025
ISO 10993-23 irritation testing ensures device safety for skin, eyes, and mucosa. Professional testi...
EMI Emissions Testing EMI Emissions Testing
04 .25.2025
EMI emissions testing of electric/magnetic fields & disturbance power per CISPR standards. JJR L...
EMC Standards for Medical Devices EMC Standards for Medical Devices
04 .25.2025
EMC standards like IEC 60601-1-2 are vital for medical devices. China’s JJR Lab provides testing for...

Leave Your Message