In 2025, the European Union officially incorporated the EN 18031 series into the list of harmonized standards under the Radio Equipment Directive (RED).
This means that wireless and IoT devices sold in the EU must now comply with new cybersecurity and data protection requirements to obtain market access.
| Standard Part | Related RED Clause | Core Objective | Typical Products |
|---|---|---|---|
| EN 18031-1 | Article 3(3)(d): Devices must not harm the network | Protect network and security assets; prevent misuse or service degradation | Smartphones, Routers, Tablets, Smart Home Devices |
| EN 18031-2 | Article 3(3)(e): Protect users’ personal data and privacy | Safeguard privacy assets and ensure secure personal data handling | Smart Toys, Wearables, Child Care Devices |
| EN 18031-3 | Article 3(3)(f): Ensure fraud prevention | Protect financial assets and prevent fraud in virtual currency transactions | POS Machines, Payment Terminals, Crypto Wallets |
If your product triggers certain limitation conditions, you cannot use the self-declaration route (SDoC) and must instead go through a Notified Body (NB) for third-party assessment.
Common limitation conditions include:
Password Requirements:
If users can skip password setup (violating clauses 6.2.5.1 & 6.2.5.2), harmonized presumption is lost.
Children’s Devices:
For childcare products under EN 18031-2, if parental access control is missing (clause 6.1.3), NB assessment is mandatory.
Financial Device Updates:
For EN 18031-3 devices handling digital currency, relying on a single update method (e.g., only digital signatures) is not compliant; NB review is required.
Access Control & Authentication: Only authorized users may access system resources.
Secure Communication: Data must be encrypted (e.g., TLS).
Secure Updates: Firmware/software must support verified secure updates.
Secure Storage: Sensitive data must be encrypted and access-controlled.
Logging and monitoring of personal data access
Clear data deletion and user notification mechanisms
Enhanced privacy-by-design structure
Secure boot and device integrity protection
Comprehensive event logging for financial transaction tracking
Assessment methods involve:
Conceptual assessment
Functional completeness evaluation
Functional adequacy testing
EN 18031-1: Networked devices such as routers, smart home hubs, industrial IoT equipment
EN 18031-2: Devices processing user data, e.g., wearables, baby monitors, cameras
EN 18031-3: Devices handling financial or monetary value, e.g., POS, terminals, crypto devices
Exemptions:
Medical devices (MDR), aviation electronics, and automotive systems are generally covered under other sectoral regulations.
Mandatory for RED compliance in 2025 and beyond
Enables faster EU market access with proper cybersecurity validation
Builds consumer trust through proven data protection and fraud prevention
Future-proofs connected devices against evolving cyber threats
Blue Asia Technology provides:
EN 18031 conformity assessment support
Gap analysis against RED cybersecurity requirements
Assistance with Notified Body submissions
Cybersecurity risk assessment and documentation preparation
Contact us today:
Email: king.guo@cblueasia.com
Phone: +86 135 3422 5140
Website: www.blueasialabs.com
Q1: Is EN 18031 mandatory for all wireless devices in the EU?
A1: Yes. All radio equipment under the RED must comply with EN 18031 standards starting 2025 to demonstrate cybersecurity conformity.
Q2: Can I use a Declaration of Conformity (DoC) instead of third-party testing?
A2: Only if your product doesn’t trigger any limitation conditions listed in the standards (e.g., password or parental control requirements).
Q3: How long does EN 18031 testing take?
A3: Typically 4–8 weeks depending on device complexity and documentation readiness.
Q4: What happens if I don’t comply with EN 18031?
A4: Non-compliant products risk market access denial, sales suspension, or EU recall penalties.
Q5: How can Blue Asia assist with EN 18031 certification?
A5: We provide complete technical consulting, documentation review, and pre-assessment testing to ensure a smooth certification process.
Related News
