EMC China Lab

EU RED Directive and EN 18031 Cybersecurity Standards

Views :
Update time : 2025-02-26

On January 30, 2025, the Official Journal of the European Union (OJ) officially incorporated the en 18031 series of standards as harmonized standards under the Radio Equipment Directive (RED). This means that starting August 1, 2025, all wireless devices sold in the EU market must comply with this mandatory cybersecurity regulation. Non-compliant products will face market access restrictions, urging manufacturers to accelerate their compliance strategies.

 

Cybersecurity Background of EN 18031 and the RED Directive

The EU Radio Equipment Directive (RED) requires that all wireless devices sold in the EU meet essential requirements related to:

 

- Safety

- Electromagnetic compatibility

- Efficient use of the radio spectrum

 

Since 2022, the European Commission has introduced additional cybersecurity requirements under Article 3(3) of the directive, including:

 

- Article 3.3(d) – Cybersecurity (Standard: EN 18031-1)

- Article 3.3(e) – Personal Privacy (Standard: EN 18031-2)

- Article 3.3(f) – Fraud Prevention (Standard: EN 18031-3)

 

The EN 18031 series establishes a unified cybersecurity standard to help manufacturers ensure compliance with these new regulations.

 

Scope of Covered Products

The Delegated Regulation 2022/30/EU applies to wireless devices that:

 

- Communicate directly via the internet or indirectly through other devices

- Process and expose sensitive personal data

 

Examples of affected products include:

 

- Smartphones, tablets, and laptops

- Wireless toys and child safety devices, such as baby monitors

- Wearable devices, including smartwatches and fitness trackers

 

Key Assessment Areas of EN 18031

EN 18031-1 (Cybersecurity)

This standard assesses security mechanisms in devices, covering:

 

- Access control and authentication

- Secure updates and storage

- Secure communication protocols

- Confidentiality of cryptographic keys

- General security capabilities

- Cryptographic best practices

- Resilience mechanisms

- Network monitoring and traffic control

 

EN 18031-2 (Personal Privacy)

This standard focuses on privacy protection and includes:

 

- Access control for children's toys

- Logging and record-keeping mechanisms

- Data deletion protocols

- User notification requirements

- External sensing documentation

 

EN 18031-3 (Fraud Prevention)

This standard evaluates financial and fraud-related security aspects, including:

 

- Logging mechanisms

- Device boot integrity and software authenticity

 

Key Differences Between EN 18031 and ETSI EN 303 645

While EN 18031 shares many similarities with ETSI EN 303 645, it imposes stricter requirements on tested devices. However, EN 18031 also provides more flexibility by including “not applicable” conditions for certain requirements.

 

Overall, products that already comply with ETSI EN 303 645 will have a significant advantage in meeting EN 18031 compliance requirements.

 

Recommendations for Manufacturers

Since the RED cybersecurity requirements will become mandatory on August 1, 2025, all new and existing products sold in the EU must comply. Manufacturers should take immediate action to ensure compliance.

 

Key steps for compliance:

1. Review RED applicability

- Determine if your product falls within the scope of RED’s cybersecurity requirements. JJR Lab (China) can assist in this assessment.

 

2. Understand EN 18031 standards

- Analyze the specific requirements and limitations of the EN 18031 series and assess their impact on your products.

 

3. Conduct a compliance gap analysis

- Evaluate your current cybersecurity measures against EN 18031 to identify necessary improvements.

 

4. Consult with experts

- Since EN 18031 is a new standard, manufacturers should seek professional guidance from GTG to ensure full compliance.

 

5. Prepare for market entry

- Implement necessary design, testing, and documentation changes to comply with the August 1, 2025 deadline.

- Obtaining a RED Notified Body compliance certificate will help verify product conformity.

 

This version keeps the translation structured, clear, and professional while improving readability. Let me know if you need any refinements!


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Packaging Validation ISO 11607 Test Report Packaging Validation ISO 11607 Test Report
04 .25.2025
ISO 11607 packaging validation testing provided by China’s JJR Lab ensures medical devices meet safe...
What is the ISO 11607-1 Packaging Validation Test? What is the ISO 11607-1 Packaging Validation Test?
04 .25.2025
ISO 11607-1 ensures sterile medical packaging meets global safety standards. JJR Lab in China offers...
How to get an ISO 11737-1 Test Report? How to get an ISO 11737-1 Test Report?
04 .25.2025
Bioburden testing per EN ISO 11737-1 ensures medical device safety pre-sterilization. JJR Lab in Chi...
Orthopedic Implant Cleanliness Testing Orthopedic Implant Cleanliness Testing
04 .25.2025
Orthopedic implant cleanliness is key for biocompatibility and sterilization. China JJR Laboratory o...
What is ISO 10993-23:2021 Irritation Testing? What is ISO 10993-23:2021 Irritation Testing?
04 .25.2025
ISO 10993-23:2021 evaluates irritation risks of medical devices using in vitro/in vivo methods. JJR ...
ISO 10993-23 Irritation Testing Laboratory ISO 10993-23 Irritation Testing Laboratory
04 .25.2025
ISO 10993-23 irritation testing ensures device safety for skin, eyes, and mucosa. Professional testi...
EMI Emissions Testing EMI Emissions Testing
04 .25.2025
EMI emissions testing of electric/magnetic fields & disturbance power per CISPR standards. JJR L...
EMC Standards for Medical Devices EMC Standards for Medical Devices
04 .25.2025
EMC standards like IEC 60601-1-2 are vital for medical devices. China’s JJR Lab provides testing for...

Leave Your Message