EU-focused manufacturers witnessed a massive surge in EN 18031 inquiries through H1 2025. The standard, barely known in 2024, became a top priority for all export businesses within months. This article summarizes official updates as of June 2026, covering timelines, enforcement trends and industry feedback.
The standard’s development spanned over a decade with key milestones in chronological order:
·May 2014: RED Directive 2014/53/EU published; Clause 3.3 cybersecurity requirements suspended for 8 years pending harmonized standards.
·January 2022: EU Implementing Regulation EU 2022/30 released, locking August 1, 2025 as EN 18031’s mandatory enforcement date.
·August 2024: CEN/CENELEC published final full versions of the EN 18031 three-part suite.
·January 30, 2025: EU Implementing Decision 2025/138 added EN 18031-1/-2/-3 to the Official Journal of the EU (OJEU) as legally recognized RED harmonized standards.
·August 1, 2025: Full mandatory enforcement activated; transition grace periods terminated.
Critical rule: All brand-new models first launched on the EU market post-August 1, 2025 must meet full compliance rules. Individual member states offered short grace periods for pre-August 2025 bulk inventory stock, with zero leniency for newly released products.
2. EU Enforcement Post-2026
National market surveillance authorities drastically ramped up EN 18031 audits in 2026. Germany’s Bundesnetzagentur, Netherlands’ Autoriteit Telecom and Sweden’s PTS completed first rounds of targeted spot checks in Q1 2026. Inspections prioritize wireless smart hardware sold via cross-border e-commerce platforms (Amazon, AliExpress, Cdiscount). Unbranded Chinese OEM white-label goods lacking complete security documentation face highest scrutiny; premium local brands receive lighter sampling rates.
Public records confirm Germany and the Netherlands as strict enforcers: multiple non-compliant product lines were forced off retail platforms, with monetary fines issued to select brands. France and Italy adopt a milder stance for now, issuing formal warning letters with remediation windows for enterprises.
Long-term trajectory: Surveillance will shift from ad-hoc spot checks to year-round routine oversight between H2 2026 and 2027. Delayed certification after regulatory discovery leads to costly penalties and market lockout.
3. Overlap & Timeline Gap Between EN 18031 and CRA
CRA stands for Cyber Resilience Act (EU 2024/1387), formally enacted at the end of 2024 with far wider coverage than EN 18031. EN 18031 is a RED-exclusive harmonized cybersecurity standard only for radio equipment, while CRA governs all digital products including wired devices, standalone software and cloud services. CRA’s full mandatory rollout starts December 2027, more than two years later than EN 18031. Wireless hardware must satisfy EN 18031 first, then implement further adjustments to fulfill CRA obligations; the two regulations run parallel without substitution.
For wireless product manufacturers, completing EN 18031 compliance is an urgent priority. Passing EN 18031 does not grant automatic CRA conformity, yet core technical frameworks overlap significantly—secure update workflows, vulnerability disclosure protocols and hardened default configurations required by EN 18031 form a solid foundation to cut future CRA adaptation costs.
A commonly overlooked detail: Security design, firmware update architectures and vulnerability management files validated during EN 18031 Notified Body audits can be reused for CRA assessments. However, Notified Body accreditations do not transfer automatically; enterprises must confirm their partner lab holds valid CRA evaluation authorization. Investing in formal NB certification now delivers reusable compliance assets for upcoming CRA enforcement, though manufacturers cannot assume their existing NB provider qualifies for CRA audits by default.
4. Industry Response & Market Status
Starting from H2 2025, global top testing and certification bodies competed to launch official EN 18031 service packages, each with specialized strengths: BSI boasts decades of cybersecurity assessment expertise; TUV SUD leads in automotive electronics compliance; SGS maintains broad coverage across consumer electronics categories.
Domestic Chinese certification providers face capacity constraints: only a limited number of labs deliver full EN 18031 test suites with established EU Notified Body liaison channels. Most local facilities can only execute partial parameter testing without end-to-end NB document review support. This supply-demand imbalance creates heavy scheduling backlogs, with steep premium fees for expedited project handling.
On the manufacturing side, large multinational brands including Samsung, Huawei and Xiaomi have finalized or nearly finished EN 18031 certification workflows. Small and medium-sized factories show inconsistent progress: some launched pre-compliance evaluations in 2025 and progressed to formal testing, while others have taken no preparatory actions whatsoever.
5. Latest Revisions to Standard Framework
As of June 2026, the original 2024 release of EN 18031 Part 1, 2 and 3 remains unmodified with no major amendments issued. Nevertheless, CENELEC working groups have initiated discussions for supplementary revisions tailored to AIoT use cases, planned for publication around 2027. These addenda will introduce specific controls for edge AI model security and inference data protection to address emerging threat vectors.
Additionally, GDPR supervisory authorities closely monitor privacy clauses within EN 18031-2 for children-targeted wireless devices. The European Data Protection Board (EDPB) has opened formal compliance research on connected kids’ hardware, expecting detailed enforcement guidelines within 12 months. New rules will tighten mandatory hardware-level parental access controls and strict data minimization benchmarks for juvenile user datasets.
BlueAsia delivers full-spectrum EN 18031 support including pre-compliance gap analysis, security architecture audits and seamless Notified Body coordination, backed by proven real-world project experience. Consultant of BlueAsia Testing & Certification: +86 13534225140 (Benson)
相关新闻
