EU Radio Equipment Directive (CE-RED) — New Regulations & What They Mean for 2025

2025-10-15

1) What Changed in 2025 (Why This Matters)


As of August 1, 2025, the EU’s Radio Equipment Directive (RED 2014/53/EU) mandates cybersecurity in addition to the traditional RF, EMC, and LVD/Safety requirements. If your device has wireless capability, passing only RF/EMC/Safety is no longer enough: you must also meet the new EN 18031 cybersecurity standards to place products on the EU market.




2) Core of the New Rules: Articles 3.3(d)(e)(f) + EN 18031 Series

| RED Article | Core Requirement | Harmonized Cybersecurity Standard (2025) | Typical Equipment |
|---|---|---|---|
| 3.3(d) | Device must not harm networks or misuse network resources (e.g., DDoS resilience). | EN 18031-1 | Internet-connected radio equipment: smartphones, tablets, routers, smart appliances |
| 3.3(e) | Device must protect users’ personal data and privacy. | EN 18031-2 | Devices processing personal data: wearables, child-care devices, toys, sensors |
| 3.3(f) | Device must include fraud-prevention features. | EN 18031-3 | Payment/transaction devices: POS terminals, crypto wallets, ATMs |

Bottom line: Most wireless products now sit under at least EN 18031-1. If you process personal data, add -2. If you handle monetary value, add -3.



3) Scope & Key Limitations / Exemptions

Applicable Product Scope

  • EN 18031-1: Any radio equipment with network connectivity (phones, tablets, Wi-Fi routers, smart appliances).

  • EN 18031-2: Devices that process personal data (Bluetooth headsets with apps, smartwatches, baby monitors, wearables, smart sensors).

  • EN 18031-3: Equipment handling monetary value/transactions (POS, crypto hardware wallets, ATMs).

Self-Declaration Limitations (when you must use a Notified Body)

  • Passwords: No blank/default passwords; users must set strong credentials.

  • Parental Controls: Child-oriented devices/toys must include guardian access control.

  • Secure Updates: For financial devices, single-method security (e.g., signature only) is insufficient—robust, multi-layered update protection is expected.

Exemptions

Special sectors (e.g., medical devices, civil aviation, motor vehicles) are generally exempt from 3.3(e) & 3.3(f), but still must meet 3.3(d) (network integrity).



4) Impact on Companies (How to Choose the Right Compliance Path)

  1. Map Your Product to EN 18031
    Identify whether you fall under -1, -2, -3 (or a combination).

  2. Check the Limitations
    If you fully meet the password/parental-control/secure-update rules, Self-Declaration may be possible. If not, plan for EU Notified Body (NB) involvement.

  3. Document & Test Early
    Align firmware/security architecture with EN 18031 before formal testing to avoid retests and delays.



5) Practical Compliance Strategy (What to Do Now)

  • Use Certified Modules
    Prefer Wi-Fi/Bluetooth modules already RED-certified (incl. EN 18031) to shrink scope, save cost, and shorten timelines.

  • Run an Early Gap Analysis
    Evaluate encryption (e.g., AES-256), authentication, secure boot, signed updates/rollback protection, data-minimization, and logging.

  • Penetration Testing + Firmware Security Review
    Treat these as pre-tests to catch vulnerabilities before the official lab run.

  • Plan Documentation
    Update the Technical File (security architecture, data flows, update policy, access control, privacy controls, threat model).



6) Risks of Non-Compliance (From Aug 1, 2025)

  • Market ban and recall/removal from EU channels

  • Fines up to 4% of global annual turnover

  • Shared liability for importers/distributors who fail to verify compliance



7) How Blue Asia Technology Helps

Blue Asia Technology (Shenzhen)—an ISO/IEC 17025-accredited lab—provides end-to-end support for CE-RED 2025:

  • EN 18031 cybersecurity testing (3.3(d)(e)(f)) + RF/EMC/LVD/SAR

  • Pen-testing & firmware security audits (pre-test to reduce risk)

  • Documentation support (security architecture, privacy controls, update policy)

  • Multi-market programs: FCC / UKCA / KC / SRRC / MIC / RCM, plus BQB / Wi-Fi Alliance / USB-IF

king.guo@cblueasia.com
+86 135 3422 5140



8) Quick FAQ

Q1. Does every wireless product need EN 18031 now?
Most internet-connected radios need EN 18031-1. Add -2 if processing personal data; add -3 if handling transactions.

Q2. Can I self-declare?
Yes—only if you meet strict conditions (passwords, parental controls, secure updates). Otherwise, use a Notified Body.

Q3. What’s the fastest way to get ready?
Run a gap analysis, fix firmware/security, use certified modules, and perform pre-testing before the official lab cycle.


