EN18031 series released on EU Official Journal in Jan 2025 serves as mainstream harmonized standard corresponding to three RED cybersecurity clauses, alternative equivalent security schemes are acceptable yet rarely used in real business.
·EN18031-1 vs RED3.3(d) Network Protection:
Test access control & weak password prevention, encrypted data communication verified via Wireshark packet capture, signed secure OTA upgrade verification, unused port shutdown and security log storage check.
·EN18031-2 vs RED3.3(e) Privacy Protection:
Verify data minimization collection rule, user data consent & deletion function, anonymization effectiveness via k-anonymity reverse test, extra strict parental access control for childcare & toy radio goods per EU2025/138.
·EN18031-3 vs RED3.3(f) Anti-fraud for Finance:
End-to-end payment encryption test, hardware anti-tamper & side-channel attack resistance verification, abnormal transaction identification function check; single-type security update design cannot apply DoC for payment terminals.
Three restriction rules from EU (2025/138):
Blank-password-allowed products, unregulated parental-control childcare/toy devices, single-measure update payment terminals must conduct NB certification instead of self-declaration. Products adopting Bluetooth pairing key authentication skip blank-password restriction naturally.
BlueAsia provides item-by-item pre-test against EN18031. Contact:13534225140
Related News
