Introduction to the RED-EN 18031 Testing Project

Views :

Update time : 2025-03-11

Background

On January 12, 2022, the Official Journal of the European Union published Delegated Regulation 2022/30/EU, which mandates compliance with Article 3.3(d), (e), and (f) of the RED (Radio Equipment Directive). This regulation requires applicable wireless devices in the EU market to meet cybersecurity, personal data privacy, and fraud protection standards. The goal is to enhance the cybersecurity of such devices and strengthen consumer confidence. The regulation will be enforced starting August 1, 2025, providing a 42-month transition period for device manufacturers.

Introduction to the RED-EN 18031 Testing Project(图1)

In 2024, the EU published the en 18031 standard, which defines cybersecurity requirements for RED compliance.

EN 18031 Series: The Basis for Cybersecurity Evaluation under RED

- EN 18031-1 – Corresponding to Article 3.3(d), applicable to all networked devices. It evaluates cybersecurity mechanisms such as authentication, secure updates, and communication encryption. The standard requires that device designs do not compromise network infrastructure, restrict unauthorized use of network resources, and prevent service disruptions.

- EN 18031-2 – Corresponding to Article 3.3(e), targeting data-processing devices (e.g., wearables, child monitoring devices). It mandates log recording, user notifications, and data deletion mechanisms to protect personal data and privacy. Devices must integrate encryption and access control mechanisms to prevent data breaches.

- EN 18031-3 – Corresponding to Article 3.3(f), for financial transaction devices (e.g., payment terminals). It requires software integrity verification and transaction tracking mechanisms to prevent financial fraud. Devices must be capable of identifying and blocking fraudulent activities.

Comparison of EN 18031 and ETSI EN 303 645

- EN 18031 builds upon the ETSI standard but introduces stricter requirements while adding “not applicable” conditions for greater flexibility.

- Companies already compliant with the ETSI standard will find it easier to pass the EN 18031 evaluation.

Mandatory Enforcement Date

- August 1, 2025 – Enforcement begins after a 42-month transition period.

Scope of Cybersecurity Requirements

The requirements apply to both directly and indirectly connected wireless radio equipment. Supported wireless communication technologies include, but are not limited to:

- Wi-Fi, Bluetooth, ZigBee, 4G/5G, LoRa, and more.

This means that almost all wireless devices with networking capabilities must comply with cybersecurity regulations—including smartphones, smartwatches, and industrial wireless communication devices.