In a significant development for the cybersecurity landscape, the European standard EN 18031 has been formally approved to address the growing cybersecurity concerns associated with radio equipment. This standard, which will become enforceable by August 1, 2025, is designed to provide a harmonized framework for assessing the cybersecurity of internet-connected radio products under the Radio Equipment Directive (RED).
This new standard addresses the cybersecurity requirements under articles 3.3 (d), (e), and (f) of the RED, ensuring that radio devices are robust against emerging cyber threats.
| Protection of Network | RED article 3.3 (d | EN 18031-1:2024 Common security requirements for radio equipment – Part 1: Internet connected radio equipment |
| Privacy | RED article 3.3 (e | EN 18031-2:2024 Common security requirements for radio equipment – Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment |
| Monterey fraud | RED article 3.3 (f | EN 18031-3:2024 Common security requirements for radio equipment – Part 3: Internet connected radio equipment processing virtual money or monetary value |
Companies are urged to begin adapting their products and processes to meet these requirements, as compliance will be mandatory for placing products on the market from August 2025 onwards.
Please note that though the standard has successfully passed the voting of the member states. The HAS evaluation was negative, recommending revisions by the Technical Committee. This introduces uncertainty about whether the standards will be published in the EU Official Journal (OJEU) and if they will face restrictions. If the standards are not listed in the OJEU by February 28, 2025, compliance must be verified by a notified body until they receive official approval.