EU RED Directive EN 18031 Safety Standards

The European Commission issued Supplementary Delegated Act (EU) 2022/30 in 2022, specifying detailed requirements for cybersecurity provisions under Article 3(3)(d/e/f) of the directive. In 2023, the Commission released Supplementary Delegated Act (EU) 2023/2444, amending the enforcement timeline of 2022/30/EU by extending it to August 1, 2025.

Against this backdrop, in May 2024, the EU officially released the final draft of the FprEN 18031 series of cybersecurity standards, and the formal publication followed in August 2024.

The EN 18031 standard is divided into three parts, each corresponding to the requirements of the RED directive:

- EN 18031-1: Internet-connected radio equipment.

- EN 18031-2: Radio equipment processing data, including internet-connected radio equipment, childcare radio equipment, toy radio equipment, and wearable radio equipment.

- EN 18031-3: Internet-connected radio equipment processing virtual money or monetary value.

Scope of Application

The applicable product categories corresponding to the regulatory clauses are:

- Article 3.3 (d): Radio equipment capable of connecting to the internet (directly or indirectly).

- Article 3.3 (e): Radio equipment capable of internet connection and personal data processing and application.

- Article 3.3 (f): Radio equipment capable of internet connection and processing virtual currency or monetary value.

Evaluation Items

To maintain consistency across the EN 18031 series, the standard introduces assets as the primary evaluation target, categorized into Security assets, Network assets, Privacy assets, and Financial assets, corresponding to the following assessments:

Common evaluation items in EN 18031-1/2/3:

1. 6.1 [ACM] Access Control Mechanism

2. 6.2 [AUM] Authentication Mechanism

3. 6.3 [SUM] Secure Update Mechanism

4. 6.4 [SSM] Secure Storage Mechanism

5. 6.5 [SCM] Secure Communication Mechanism

6. 6.9 [CCK] Confidential Cryptographic Key

7. 6.10 [GEC] General Equipment Capability

8. 6.11 [CRY] Cryptography

Differentiated evaluation items in EN 18031-1/2/3:

- EN 18031-1:

  - 6.6 [RLM] Resilience Mechanism

  - 6.7 [NMM] Network Monitoring Mechanism

  - 6.8 [TCM] Traffic Control Mechanism

- EN 18031-2:

  - 6.1 [ACM] Access Control Mechanism for Children’s Toys

  - 6.6 [LGM] Logging Mechanism

  - 6.7 [DLM] Deletion Mechanism

  - 6.8 [UNM] User Notification Mechanism

  - 6.10.7 [GEC-7] External Sensing Capability Documentation

- EN 18031-3:

  - 6.6 [LGM] Logging Mechanism

  - 6.8.8 [GEC-8] Device Integrity

JJR Laboratory in China provides EU RED Directive EN 18031 safety standard services, offering companies up to 30% savings on certification costs compared to other institutions.