On January 30, 2025, the European Commission announced in its Official Journal (hereinafter referred to as OJ) that the EN 18031 series of standards has been included in the harmonized standards of the Radio Equipment Directive (Directive 2014/53/EU).
This decision makes the series an important basis for the cybersecurity compliance of radio equipment in the EU.
The new regulations will be enforced from August 1, 2025.
This means that all wireless devices sold in the EU market must meet the mandatory requirements of this new cybersecurity regulation from August 1, 2025.
Products that do not meet the standards will face market access restrictions, and manufacturers need to accelerate their compliance planning.
I. Composition of the EN 18031 series of standards
The EN 18031 series of standards consists of three parts, each of which targets a different type of radio equipment and its security requirements.
In 2022, the European Commission also introduced cybersecurity requirements in accordance with Article 3(3), as follows:
EN 18031-1:2024
Scope of application: Internet-connected radio equipment.
Supporting requirements: Comply with the basic requirements of Article 3(3)(d) of the Radio Equipment Directive (introducing the cybersecurity requirements of “preventing network damage and service degradation”).
EN 18031-2:2024
Scope of application: Internet-connected devices, childcare equipment, toys and wearable devices.
Supporting requirements: Comply with the basic requirements of Article 3(3)(e) of the Radio Equipment Directive (introducing the cybersecurity requirements of “protecting personal data and user privacy”).
EN 18031-3:2024
Scope of application: Radio equipment that handles virtual currency or monetary value.
Supporting requirements: Comply with the basic requirements of Article 3(3)(f) of the Radio Equipment Directive (introducing the cybersecurity requirements of “measures to prevent fraud in wireless devices that handle virtual currency”).
II. Main restrictions of the EN 18031 series of harmonized standards in the OJ
Restriction 1: Regarding the “reasoning” and “guidance” sections
1. Scope of application: EN 18031-1:2024 / EN 18031-2:2024 / EN 18031-3:2024
2. Content: These sections are provided only as reference information for manufacturers and do not confer a presumption of compliance.
Manufacturers do not need to conduct third-party conformity assessments, but should note that this content is not a normative requirement.
Restriction 2: Default password issues
1. Scope of application: EN 18031-1:2024 / EN 18031-2:2024 / EN 18031-3:2024
2. Content: The standard allows users not to set passwords, but this may lead to authentication risks. Manufacturers who ignore this clause may not meet the basic requirements of the RED Directive.
Restriction 3: Access control for toys and childcare equipment
1. Scope of application: EN 18031-2:2024
2. Content: The standard deals with access control mechanisms for toys and childcare equipment. If manufacturers do not implement parental or guardian controls, authentication risks may not be addressed, which in turn affects compliance.
Restriction 4: Evaluation criteria for security updates
1. Scope of application: EN 18031-3:2024
2. Content: The standard deals with the evaluation of security updates, but any one method alone (such as digital signatures or access control) is not sufficient to address financial asset risks. Therefore, manufacturers must conduct third-party conformity assessments.
III. Main evaluation items of the EN 18031 series of standards
Post time: Mar-25-2025