As of August 1, 2025, the European Union’s Radio Equipment Directive (RED, 2014/53/EU) entered a new phase of enforcement. Beyond traditional RF, safety, and EMC requirements, cybersecurity has officially become a mandatory component of CE-RED compliance.
This means all wireless devices—from Bluetooth speakers and smartwatches to industrial routers—must now demonstra
te conformity to new cybersecurity standards under the EN 18031 series before entering the EU market.
| Certification Item | Core Standard / Example | Key Test Focus |
|---|---|---|
| RF Performance | EN 300 328 (2.4 GHz Wi-Fi / Bluetooth) | Verifies correct frequency use, transmission power, and avoidance of harmful interference. |
| Electromagnetic Compatibility (EMC) | EN 301 489 series | Tests both immunity to external interference and self-emission levels to ensure stable operation in complex environments. |
| Electrical Safety (LVD) | EN 62368-1 | Evaluates insulation, battery safety, and overheating prevention to protect users. |
| Health Protection (SAR) | EN 62479 / EN 62311 | Measures electromagnetic radiation absorption for body-worn devices (phones, headsets, wearables). |
| Cybersecurity (New Mandatory Item) | EN 18031 series | Introduces data protection, network integrity, and fraud-prevention requirements (details below). |
The EN 18031 series introduces harmonized cybersecurity standards under the RED Directive. These address network protection, personal data security, and fraud prevention.
They correspond directly to Articles 3.3(d), (e), and (f) of the RED Directive and represent the biggest compliance challenge for wireless device manufacturers in 2025.
| EN 18031 Sub-standard | RED Article | Core Requirements & Applicable Devices |
|---|---|---|
| EN 18031-1 | Article 3.3(d) – Prevent network harm and misuse of network resources. | Applies to internet-connected devices (phones, smart home hubs, IoT appliances). Requires secure network protocols, DDoS attack prevention, and verified software update mechanisms. |
| EN 18031-2 | Article 3.3(e) – Protect personal data and privacy. | Applies to devices processing user data (wearables, child trackers, smart toys). Requires AES-256 encryption, secure data storage, and parental-control capabilities. |
| EN 18031-3 | Article 3.3(f) – Prevent fraud in transactional equipment. | Applies to devices enabling payments or crypto transactions. Requires multi-factor authentication, tamper-resistant design, and secure transaction verification. |
To use the self-declaration route (without Notified Body involvement), manufacturers must meet strict conditions:
User access must require strong authentication (e.g., no password-free login).
Devices for children must include parental control and restricted access functions.
Some equipment categories are partially exempt from Articles 3.3(e) and (f):
Medical devices, civil aviation equipment, and motor vehicles.
However, they must still comply with Article 3.3(d) (network integrity and resilience).
From August 1, 2025, non-compliant wireless products will be prohibited from entering or remaining on the EU market.
Penalties include:
Product sales ban and recall orders.
Administrative fines up to 4 % of global annual turnover.
Importers and distributors are also liable if they fail to verify CE-RED compliance documentation.
To help brands manage this transition efficiently, Blue Asia Technology recommends:
Early Gap Assessment – Conduct internal reviews comparing existing product security functions against EN 18031 requirements.
Pre-Testing in Accredited Labs – Identify weaknesses before formal testing to save both time and cost.
Component Optimization – Choose modules and chipsets already tested for RF/EMC compliance to simplify integration.
Multi-Standard Strategy – Coordinate CE-RED testing with FCC, UKCA, and KC programs to reduce retesting cycles.
Regular Firmware Updates – Implement secure update mechanisms with digital signatures and rollback protection.
Blue Asia Technology (Shenzhen) is an ISO/IEC 17025-accredited third-party laboratory providing complete testing and certification solutions for wireless and IoT devices.
Our expertise covers:
CE-RED, FCC, UKCA, KC, SRRC, MIC, and RCM approvals
EN 18031 cybersecurity testing and risk assessment
Bluetooth SIG BQB, Wi-Fi Alliance, and EMC evaluation
Pre-compliance testing and multi-market certification planning
Contact Blue Asia Technology
Phone / WhatsApp: +86 135-3422-5140
Email: King.guo@cblueasia.com
1️⃣ When did the new CE-RED cybersecurity rules take effect?
→ They became mandatory on August 1, 2025, for all wireless devices entering the EU.
2️⃣ Which standards apply to cybersecurity under CE-RED?
→ The EN 18031 series (-1, -2, -3) covers network integrity, privacy, and fraud protection.
3️⃣ Can manufacturers still self-declare compliance?
→ Yes, but only if devices meet strict conditions (e.g., password and parental controls). Otherwise, Notified Body involvement is required.
4️⃣ What are the penalties for non-compliance?
→ EU market bans, product recalls, and fines up to 4 % of global annual turnover.
5️⃣ Which industries are exempt?
→ Medical devices, aviation equipment, and vehicles are exempt from Articles 3.3(e) and (f) but must still meet Article 3.3(d).
6️⃣ How can Blue Asia help my company?
→ We offer comprehensive testing and consulting for CE-RED and multi-market approvals to reduce risk and speed up market entry.
Ready to Prepare for the 2025 CE-RED Cybersecurity Era?
Blue Asia Technology helps brands meet the new EN 18031 requirements and achieve CE compliance with confidence.
Get Your CE-RED Compliance Assessment →
King.guo@cblueasia.com +86 135-3422-5140
Related News
