On January 30, 2025, the European Commission officially listed the EN 18031 series in the Official Journal of the European Union under the Radio Equipment Directive (RED). This standard series was developed to provide manufacturers of radio equipment with a harmonized framework to meet the cybersecurity requirements that become mandatory on August 1, 2025.

What is EN 18031?

The EN 18031 series consists of three parts, each specifying security requirements for different types of radio equipment:

• EN 18031-1: Covers internet-connected radio equipment, addressing network protection and service integrity.
• EN 18031-2: Applies to radio equipment processing user data, including childcare devices, toys, and wearables, with a focus on protecting personal data and user privacy.
• EN 18031-3: Targets internet-enabled radio equipment handling virtual currencies or monetary values, defining measures to prevent fraud.

Impact of Harmonization

With the harmonization of the EN 18031 series, manufacturers can now benefit from the presumption of conformity, meaning their products are considered compliant with RED cybersecurity requirements if they fully adhere to the respective standards. This significantly facilitates market access within the EU.

However, there are specific restrictions that must be considered. The presumption of conformity is not fulfilled if a manufacturer does not comply with these restrictions. In such cases, the standard cannot be applied under Annex II (self-declaration), and a Notified Body (NB) must be involved.

The Role of the Notified Body (NB) in the Conformity Assessment

If a manufacturer does not meet the required restrictions, the conformity assessment must be conducted through a Notified Body (NB). However, this does not automatically mean that the NB can confirm compliance. The assessment process is bound by the rationales that led to these restrictions in the first place.

In such cases, an additional risk assessment is necessary. This assessment helps determine whether the manufacturer might be able to bypass certain requirements based on the intended use of the product or whether compliance remains mandatory. This step is crucial to ensure cybersecurity standards are upheld while allowing for specific product use cases where exemptions might apply.

The harmonization of the EN 18031 series marks a significant step forward in improving cybersecurity for radio equipment. However, manufacturers must carefully assess compliance with restrictions to determine whether self-declaration is possible or if a Notified Body and additional risk assessments are required.

You need more information about cybersecurity testing and certification. Just have a look at our subpage für cybersecurity.