EU EN 18031 Certification New Regulations

2025-10-28

The new EU EN 18031 certification regulations can be seen as adding a "cybersecurity lock" to wireless devices.

Core Information of the EN 18031 Series Standards:

| Standard Part | Corresponding RED Directive Clause | Core Objective | Main Applicable Product Examples |
| --- | --- | --- | --- |
| EN 18031-1 | Article 3(3)(d): Equipment must not harm the network or its functionality | Protect Network & Security Assets, prevent device misuse of network resources or service degradation. | Smartphones, Routers, Tablets, Smart Home Devices |
| EN 18031-2 | Article 3(3)(e): Protection of user personal data and privacy | Protect Privacy Assets, ensure personal data is properly safeguarded. | Child Care Devices, Smart Toys, Wearables (e.g., Fitness Trackers) |
| EN 18031-3 | Article 3(3)(f): Ensure fraud prevention | Protect Financial Assets, prevent fraud when handling virtual currency. | POS Machines, Payment Terminals, Crypto Wallets, etc. |

You need to pay special attention to the following key dates:

1. Mandatory Implementation Date: Starting August 1, 2025, all radio equipment placed on the EU market must comply with the cybersecurity requirements in the RED Directive.

2. Standard Harmonization: The European Commission, via implementing decision (EU) 2025/138 on January 28, 2025, included the EN 18031 series standards in the list of harmonized standards under the RED Directive.

⚠️ Special Attention: Limitation Conditions That May Complicate Certification:

The EN 18031 series standards contain specific limitation conditions. If your product triggers these, you cannot use the simple self-declaration route but must undergo third-party certification by an EU-designated Notified Body (NB). These conditions include:

1. Password Requirements: For all three parts, if the device allows the user not to set or not to use a password (violating standard clauses 6.2.5.1 and 6.2.5.2), the presumption of conformity under the harmonized standard is lost.

2. Children's Device Requirements: For child care devices and toys under EN 18031-2, if parent or guardian access control is not ensured (violating clause 6.1.3, etc.), NB involvement is also required.

3. Financial Device Security Updates: For devices processing virtual currency under EN 18031-3, the standard explicitly states that any single method for security updates (e.g., only digital signatures) is insufficient for handling financial assets. Therefore, such devices typically must undergo Notified Body conformity assessment.

EN 18031 Core Security Requirements Overview:

The EN 18031 series standards propose specific security requirements centered around "assets":

1. General Security Requirements (Primarily EN 18031-1):

· Access Control & Authentication: Ensure only authorized entities can access the device and network resources, e.g., via password protection.

· Secure Communication: Devices must use security measures like TLS encryption when transmitting data.

· Secure Update Mechanism: Device software and firmware must be updatable securely and reliably (e.g., verified via digital signatures).

· Traffic Control: Network devices need the capability to manage and restrict network traffic to prevent unauthorized access.

2. Privacy Protection Requirements (Primarily EN 18031-2): In addition to the general requirements, these specifically emphasize logging, user data deletion mechanisms, and user notification functions to protect personal privacy.

3. Financial Security Requirements (Primarily EN 18031-3): These build on the general requirements, focusing more on device integrity (e.g., secure boot) and stricter logging to ensure financial transaction security.


We hope this overview of the new EU EN 18031 certification regulations is helpful. If you share the specific product type you are responsible for, BLUEASIA Technology (13534225140) will provide you with professional certification consulting services to help ensure your products pass certification smoothly and enter the EU market on time.