Cybersecurity standards (EN 18031 series) for RED listed in the EU Official Journal

Listing with restrictions

We announced the forthcoming listing in the Official Journal of the EU (OJEU) in our last newsletter. On January 30, 2025, the EU Commission listed the three cybersecurity standards in the OJEU with restrictions.

The standards are therefore directly applicable with restrictions from January 30, 2025.

Without listing in the OJEU, every product with direct or indirect access to the internet would have had to undergo a type examination, at least for the cybersecurity part, by the Notified Body (NB) from August 1, 2025.

Due to the restrictions, the NB may still be required. The restrictions mean that the standards only fulfill the presumption of conformity to a limited extent.

The restrictions are described below in the notes (OJEU wording).

 

EN 18031-1:2024

     Common safety requirements for radio equipment 
     - Part 1: Radio equipment with internet connection

This standard applies to all equipment connected directly or indirectly to the Internet and not covered by Part 2 or 3 of the series of standards.

     Note 1: The clauses entitled 'rationale' or 'guidance' in this harmonized standard do not confer a presumption of conformity with the essential requirement set out in point (d) of the first subparagraph of Article 3(3) of Directive 2014/53/EU.

This restriction is not a restriction. It only clarifies that the parts of the standard entitled "Requirements" (points 6) are sufficient and valid. Informative parts of the standard are formally not to be observed, even if they are helpful for the user.

     Note 2: This harmonized standard does not confer a presumption of conformity with the essential requirement set out in Article 3(3), first subparagraph, point (d) of Directive 2014/53/EU if the user is allowed not to set or use a password when applying points 6.2.5.1 and 6.2.5.2.

This means that the user must always assign their own password.

If both these and all other requirements specified in the standard are met, the type examination by the NB is not required.

 

EN 18031-2:2024

     Common safety requirements for radio equipment 
     - Part 2: Radio equipment that processes data, in particular internet-enabled radio equipment, childcare radio equipment, toy radio equipment and portable radio equipment

The devices concerned are derived from the title of the standard and the RED.

     Note 1 and Note 2: are identical to the notes of the same name for EN 18031-1, thus providing the same solution approach.

     Note 3: For the classes and categories of radio equipment covered by 6.1.3, 6.1.4, 6.1.5 or 6.1.6 of this harmonized standard, this harmonized standard does not confer a presumption of conformity with the essential requirement set out in point (e) of the first subparagraph of Article 3(3) of Directive 2014/53/EU if access control by parents or guardians is not ensured by the application of points 6.1.3.4.2, 6.1.4.4.2, 6.1.5.4.2 and 6.1.6.4.2.

Here, the manufacturer of the product must ensure that access control is enforced by the parents. The sections of the standard provide for alternatives that are not desired by the EU Commission.

 

EN 18031-3:2024

     Common safety requirements for radio equipment 
     - Part 3: Internet-enabled radio equipment handling virtual money or monetary value

For all devices that enable or initiate payments.

     Note 1 and Note 2: are identical to the notes of the same name to EN 18031-1. This means that the same approach is taken.

     Note 3: With regard to the assessment criteria set out in point 6.3.2.4 of this harmonized standard, this harmonized standard does not confer a presumption of conformity with the essential requirement set out in point (f) of the first subparagraph of Article 3(3) of Directive 2014/53/EU."

This point is more complex and cannot be described and resolved here in brief.

The above content is abridged for the newsletter to provide a quick overview. In the detailed product evaluation, there will be cases that require in-depth consideration. We will be happy to help with our individual advice.

 

The EU Commission had originally announced that it would publish a guide to the comments.

We will keep you up to date and will be happy to provide you with further details.

 

Author's note

This article has been machine translated into English.

 



TERMS AND ABBREVIATIONS

OJEU: Official Journal of the EU
NB: Notified Body (third party body, required for a type examination)
Norm = Standard

Published on 31.01.2025
Category: Fokus Electrical and Wireless, Insider-Compliance, Compliance

back to list

Breaking News in Standards and Product Compliance

The world of standards and market authorization requirements may turn slowly, but it does turn.  Regular updates, revisions and reforms prove it.  We'll keep you posted!

And in other news, here's the latest on Standards and Product Compliance
GLOBALNORM News
Review of the GLOBALnorm Customer Day 2025

From sharing experiences to dreams of the future: our standards event in Waldkirch

Read more

Our Christmas campaign “donate rather than send” 2024

Charity instead of Christmas cards

Read more

Awarded as an entrepreneur of the future 2024

First of all: The German Innovation Institute for Sustainability and Digitalization (diind) is a Hamburg-based institution that brings together science and business to provide communication and marketing managers with reliable, high-quality information.

Read more

STANDARDS News
Introduction of ISO/PAS 8800

Functional safety for AI in road vehicles

Read more

Draft DIN EN ISO 12100:2025-12

Safety of machinery - General principles for design - Risk assessment and risk reduction (ISO/DIS 12100:2024)

Read more

New DIN DKE SPEC 99100:2025-02

Requirements for data attributes of the battery passport

Read more

COMPLIANCE News
Inspection of the HAS evaluation forms

The right of access to European Parliament, Council and Commission documents

Read more

Listing in the Official Journal of the RED (2014/53/EU)

A new list appeared on 15.5.2025 since November 2023

Read more

Harmonized standards for the Machinery Regulation (EU) 2023/1230

The mandate

Read more

De
Login
x

In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.

OK