In a significant move to bolster cybersecurity across the European Union, the European Commission has officially harmonized the EN 18031 series of standards under the Radio Equipment Directive (RED) as of January 30, 2025. This harmonization aims to establish uniform cybersecurity requirements for radio equipment, ensuring enhanced protection for networks, user data, and financial transactions.
Overview of the EN 18031 Series
The EN 18031 series comprises three distinct parts, each targeting specific aspects of radio equipment security:
EN 18031-1:2024 – Internet-Connected Radio Equipment: Focuses on safeguarding network functionality by preventing equipment from causing harm or service degradation.
EN 18031-2:2024 – Radio Equipment Processing Data: Addresses the protection of personal data and user privacy, applicable to devices such as childcare equipment, toys, and wearables.
EN 18031-3:2024 – Radio Equipment Handling Virtual Money: Defines measures to prevent fraud in devices facilitating virtual currency or monetary transactions.
Implications for Manufacturers
With the harmonization of these standards, manufacturers can now demonstrate compliance with RED’s cybersecurity requirements more efficiently. Adherence to the EN 18031 series allows for a presumption of conformity, streamlining the process of bringing products to the EU market. However, it’s crucial to note that this presumption applies only when products fully comply with the standards without exceptions. Specific clauses within the standards, particularly those related to password usage and parental controls, must be meticulously implemented. Failure to do so necessitates engagement with a Notified Body for conformity assessment.
Key Compliance Dates
January 30, 2025: EN 18031 standards listed in the Official Journal of the European Union.
August 1, 2025: Deadline for manufacturers to ensure all radio equipment complies with the new cybersecurity requirements.
Recommendations for Stakeholders
To align with the upcoming requirements, stakeholders should:
Conduct Comprehensive Assessments: Evaluate existing products against the EN 18031 standards to identify necessary modifications.
Implement Required Security Measures: Ensure features like mandatory password protection and parental controls are properly integrated.
Engage with Notified Bodies When Necessary: If full compliance with the standards isn’t feasible, seek assessment and certification from authorized bodies.
By proactively addressing these areas, manufacturers and stakeholders can ensure a seamless transition to the new regulatory landscape, thereby enhancing the security and trustworthiness of radio equipment within the European market.
The official decision can be accessed here.
Certain limitations apply to harmonization. The detailed restriction terms are available here.
