Radio Equipment Directive Standards EN 18031 Series Finalized but not yet Harmonized

SG 122/24

The EN 18031 series of cybersecurity standards for the Radio Equipment Directive (RED) have received a positive vote. The RED cybersecurity standards are considered as a reference for other new cybersecurity standards that will be developed for the Cyber Resilience Act.

On June 27, 2024, the EN 18031 series of cybersecurity standards for RED were approved by 100% of the members during a formal CEN vote but the HAS assessment failed. This means the standards will not yet become available for publication in the Official Journal of the EU (OJEU) and will not become harmonized until changes are made to provide more clarity on their applicability and testability. Consequently, the road towards certification will continue to require a Notified Body for all products. The final decision of the Commission is expected at the end of August 2024.

In the past two years, more than 200 experts in CEN-CENELEC JTC13/WG8 have been working on the EN 18031 series of harmonized standards that cover RED article 3.3 (d), (e), and (f). RED was one of the first steps taken to force device manufacturers to implement cybersecurity measures. EN 18031 standards are the first horizontal European security standards for products aligned with the cybersecurity regulation. The RED cybersecurity standards are considered a reference for other new cybersecurity standards that will be developed for the Cyber Resilience Act.

In January 2022, the European commission published Delegated Regulation 2022/30/EU, which activated three essential requirements related to cybersecurity. The standards were written by CEN/CLC/JTC 13/WG 8 to cover essential requirements 3.3 (d), (e) and (f) under RED.

• EN 18031-1 covering article 3.3 (d) “radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service”
• EN 18031-2 covering article 3.3 (e) “processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment”
• EN 18031-3 covering article 3.3 (f) “radio equipment processing virtual money or monetary value”

With these standards in place, the industry can now align with the RED directive's cybersecurity requirements, which will be enforced from August 2025 and SGS Brightsight is ready to support you in the certification process using the EN 18031 series of standards.

How SGS supports you

Leveraging our experience and expertise in cybersecurity evaluations of various products and solutions, we have developed a comprehensive, step-by-step approach to guide you through each stage of the evaluation and certification process. Our scope encompasses the full range of training, pre-assessment and evaluation services, enabling you fast-track time to market. Through our global network, we can assess all products against a wide variety of internationally recognized standards, and as a Notified Body, we can issue EU-type certification for products destined for European markets, to show compliance with RED 3.3 (d), (e), (f).

• Training/workshops – aim at helping manufacturers and developers gain a deeper understanding of the specific security requirements relevant to their products 
• Product design review – we can support you in the initial phases of product development with a thorough product design review and vulnerability scan 
• Product testing – we conduct pre-market assessments using the new final EN 18031 standards 
• SGS Cybersecurity Mark – upon successfully completing the evaluation assessment, we will issue a cybersecurity mark to demonstrate your product's adherence to the highest security standards 
• EU Type Certificate – SGS Notified Body will issue an EU Type Certificate including RED Articles 3(3) (d), (e) and (f) using the new final EN 18031 standards

Read more about RED here.

Our holistic total solution services for electrical &electronic products, delivered through our global network of accredited testing laboratories, ensure manufacturers and retailers have access to expert support at every stage of the product life cycle, from design, production and regulatory compliance to the import and export of goods. Contact us for more information or visit our website. In the end, it’s only trusted because it’s tested.