Regarding the documentation required for EU EN 18031 certification and its validity period, we have consolidated the following information for you. This information primarily comes from professional testing and certification bodies.
To process EN 18031 certification, you need to prepare a comprehensive set of technical documentation to demonstrate product compliance. Below is the core list of required documents:
| Documentation Type | Description & Examples | Notes |
| Product Basic Information | Product description, functional specifications, user manual, etc. | Needs to clarify if the product falls within the scope of EN 18031. |
| Technical Design Documents | Circuit schematics, PCB layout, Bill of Materials (BOM), antenna report, etc. | Demonstrates how the device implements security features from the hardware design perspective. |
| Software/Firmware Information | Software architecture description, portions of core source code, version number, security update mechanism and policy, etc. | Meets strict requirements for software security. |
| Risk Assessment Report | Threat modeling, vulnerability assessment report, and corresponding mitigation measures. | Identifies potential risks to the device concerning network security and functional safety. |
| Test Reports | Test results for cybersecurity features (e.g., secure storage, communication encryption). | Provides evidence that the device meets key EN 18031 requirements. |
| Declaration of Conformity | Signed by the manufacturer, declaring the device's conformity with the RED Directive and EN 18031 standard. |
Furthermore, when preparing documentation, pay special attention to the following key limitation clauses that may affect the certification path:
1.Password Requirements: The device must force the user to set up and use a password; it cannot allow skipping this step or using default passwords.
2.Parental Control: For child care devices or toys, non-bypassable parent or guardian access control mechanisms must be implemented.
3.Security Updates: For devices handling financial transactions, the security update mechanism cannot rely solely on a single method (e.g., only digital signatures).
If your product triggers any of the above limitation clauses, certification must be obtained through an EU Notified Body via third-party certification, and self-declaration is not permissible.
Validity Period of EN 18031 Certification:
1.No Fixed "Certificate Validity Period": The EN 18031 standard itself does not specify a fixed, unified "certificate validity period".
·The validity of the certification is primarily tied to the product itself, relevant regulations, and the certification body's policy. You are required to keep the technical documentation for at least 10 years.
2.Circumstances Invalidation/Re-assessment:
·Product Changes: When hardware, firmware, or software upgrades are made that affect the cybersecurity functions related to the EN 18031 standard, re-certification or supplementary testing may be required.
·Regulatory Updates: If the EU revises the RED Directive or the EN 18031 harmonized standard itself, old certifications may no longer comply with the latest requirements.
·Certificate Specifics: Some certificates issued by Notified Bodies (NB) may have a specified validity period (e.g., 3 or 5 years), requiring re-assessment upon expiry. Specifics should be consulted with the chosen certification body.
We hope this overview helps you better understand the documentation requirements and validity period for EU EN 18031 certification. If you can share your specific product type, BLUEASIA Technology: 13534225140, will provide you with professional certification consulting services! Ensure your products can smoothly pass certification and enter the EU market on time.
Related News
