What Is EN 18031?
EN 18031 is a European standard developed by the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC) under their joint technical committee CEN-CENELEC JTC 13, Working Group 8 (WG8), which focuses on cybersecurity and data protection.
The EN 18031 standards were developed in response to the European Union's Delegated Regulation 2022/30/EU, which mandates specific cybersecurity requirements for radio equipment under the Radio Equipment Directive (RED). This standard provides a framework for demonstrating conformance with the Radio Equipment Directive (RED) 2014/53/EU, specifically Articles 3.3(d), (e), and (f) and is now harmonized with some restrictions (See below).
The main goal of EN 18031 is to enhance the security of radio equipment by strengthening its ability to protect networks, user data privacy, and financial assets from common cybersecurity threats.
What Are the Main Features of EN 18031?
Here are the main features and focuses of EN 18031:
- Adoption of EN 18031: The standard EN 18031 was approved, serving as the harmonised standard with some restrictions to demonstrate compliance with the cybersecurity requirements outlined in the RED directive.
- Focus on Cybersecurity: The adoption of EN 18031 addresses cybersecurity articles (d), (e), and (f) of the RED directive, ensuring robust protection against cyber threats.
- Enhanced Protection: Manufacturers and stakeholders in the radio equipment sector will now need to adhere to EN 18031 to ensure their products comply with RED directive and probably with upcoming cybersecurity regulations.
- Implications for the Industry: This standard provides a clear framework for cybersecurity, facilitating better protection of personal data, privacy and fraud with the goal of reducing the risk of cyber-attacks on radio equipment.
What Are the Key Components within EN 18031?
In the infographic below, we lay out the key components within the standard EN 18031 broken down into three parts:
What Can We Find in EN 18031?
EN 18031 provides a complete set of requirements to be met, along with detailed rationales, guidance, and assessment criteria to ensure correct application to radio equipment devices.
Each requirement is evaluated in a two-step process: first, its applicability to the product is determined, and then the implementation's suitability is examined.
It also contains comprehensive decision trees that help the evaluator and manufacturer to understand the applicability and pass/fail criteria.
When Will Cybersecurity Articles 3.3 D, E and F Be Enforced?
The cybersecurity articles compliance under EN 18031 will be enforced starting from August 1st, 2025.
To demonstrate compliance with the Radio Equipment Directive (RED) Articles 3.3(d), (e), and (f), manufacturers can benefit from a presumption of conformity if they:
- Fully implement EN 18031 in their product design and cybersecurity measures, and
- Adhere to all specified restrictions outlined in the Commission Implementing Decision (EU) 2025/138 of 28 January 2025.
If a manufacturer does not fully apply EN 18031 or does not comply with the restrictions, they must undergo a conformity assessment by a Notified Body (NB) to verify compliance before placing their products on the EU market.
How Can Applus+ Laboratories Help You with EN 18031?
Applus+ Laboratories offers comprehensive evaluation services for radio equipment to ensure compliance with the EN 18031 standard (Part 1, 2 and 3), which aligns with the Radio Equipment Directive (RED) cybersecurity requirements.
Our services help manufacturers verify that their products meet the essential cybersecurity requirements, covering articles (d), (e), and (f) of the RED directive.
What Key Services Do We Offer for EN 18031?
In Applus+ Laboratories, we offer the GAP analysis and Cybersecurity Compliance to our clients to help them comply with EN 18031:
GAP Analysis
If you are new and need to evaluate your product against the standard to determine how close you are to compliance, GAP Analysis is ideal for you.
Here’s an overview of GAP analysis:
- Analysis of product specifications to comply with EN 18031.
- Analysis of evidence requirements to comply with EN 18031.
- Identification of applicable cybersecurity requirements under EN 18031.
- Identification of gaps in compliance.
Cybersecurity Compliance
If you are confident and it's time to officially evaluate your product with an official certification process, Cybersecurity Compliance will guide you through it.
Here’s an overview of Cybersecurity Compliance:
- Evaluation against EN 18031 standards.
- Generation of compliance reports.
Applus Laboratories is a Notified Body for the Radio Equipment Directive, (NB number 0370), including the new cybersecurity requirements that took into effect from February 1, 2022, and will be mandatory from August 1, 2025 (the EU extended the transition period 12 months in July 2023). Additionally, Applus+ Laboratories can act as an evaluation laboratory to perform the assessments.
Why Choose Applus+ Laboratories for EN 18031 Compliance?
After a long and dedicated journey with CEN/CENELEC JTC13 WG8, Applus+ Laboratories has been actively working with key stakeholders, including our clients. These clients have chosen us for our recognised expertise in standards and the relevant technology.
Contact us and ask for our comprehensive Evidence Checklist sheet to start your journey to the EN 18031 compliance.This checklist will help you determine whether you have all the necessary evidence in place.
Do you want to deep dive into EN 18031 and RED directive compliance?
Watch our videos on Youtube
Exploring the EN 18031 Standard: Cybersecurity Testing for Radio Equipment Directive Compliance (24 min)
.2025-01-10-17-04-50.png)
Cybersecurity Compliance for the Radio Equipment Directive (32 min)
.2025-01-10-17-04-07.png)