In 2025, the EU formally included the EN 18031 series standards into the list of harmonized standards under its Radio Equipment Directive (RED), meaning relevant wireless devices must meet new cybersecurity requirements to access the EU market.

Overview of EU EN 18031 Series Standards:

  EN 18031 Certification Key Requirements & Limitation Conditions:

The EN 18031 series standards contain specific limitation conditions. If your product triggers these, you cannot use the simple self-declaration route but must undergo third-party certification by an EU-designated Notified Body (NB). These conditions include:

1.Password Requirements: For all three parts, if the device allows the user not to set or not to use a password (violating standard clauses 6.2.5.1 and 6.2.5.2), the harmonized standard presumption is lost.

2.Children's Device Requirements: For child care devices and toys under EN 18031-2, if parent or guardian access control is not ensured (violating clause 6.1.3, etc.), NB involvement is also required.

3.Financial Device Security Updates: For devices processing virtual currency under EN 18031-3, the standard explicitly states that any single method for security updates (e.g., only digital signatures) is insufficient for handling financial assets. Therefore, such devices typically must undergo Notified Body conformity assessment.

  EN 18031 Core Security Requirements & Assessment Methods:

1.General Security Requirements (Primarily EN 18031-1):

·Access Control & Authentication: Ensure only authorized entities can access the device and network resources.

·Secure Communication: Devices must use security measures when transmitting data, e.g., using TLS encryption.

·Secure Update Mechanism: Device software and firmware must be updatable securely and reliably (e.g., verified via digital signatures).

·Secure Storage: Protect assets stored locally on the device via access control or data encryption.

2.Privacy Protection Requirements (Primarily EN 18031-2): In addition to general requirements, specifically emphasize logging, user data deletion mechanisms, and user notification functions to protect personal privacy.

3.Financial Security Requirements (Primarily EN 18031-3): Build on general requirements, focusing more on device integrity (e.g., secure boot) and stricter logging.

Regarding assessment methods, the standard requires conceptual assessment, functional completeness assessment, and functional adequacy assessment** of security mechanisms.

  EN 18031 Certification Applicable Product Scope:

1.EN 18031-1:Applies to all networked radio equipment, e.g., routers, smart home appliances, industrial IoT devices.

2.EN 18031-2:Applies to devices processing personal data, e.g., smartwatches, security cameras, baby monitors, toys.

3.EN 18031-3:Applies to devices processing virtual currency or monetary value, e.g., POS terminals, payment terminals, crypto wallets.

Exempt Products: Note that some product categories governed by other specific regulations are generally exempt, e.g., medical devices (under MDR), aviation equipment, and automotive electronics (governed by other specific regulations).

We hope this overview of the EU EN 18031 certification standards and items is helpful. If you can share the specific product type you are responsible for, BLUEASIA Technology: 13534225140, will provide you with professional certification consulting services! Ensure your products can smoothly pass certification and enter the EU market on time.