We already reported in a previous newsletter (A normative landscape for the Cyber Resilience Act (EU) 2024/2847) that the EN 18031-X series of cybersecurity standards, which stems from the RED cybersecurity requirements, will have successors that continue under the EU Cyber Resilience Act.
Here is the current status of the future standards:
EN 40000-1-1
Cybersecurity requirements for products with digital elements
- Part 1-1: Vocabulary
EN 40000-1-2
Cybersecurity requirements for products with digital elements
- Part 1-2: Principles for cyber resilience
New in the Working Program:
EN 40000-1-3
Cybersecurity requirements for products with digital elements
- Part 1-3: Vulnerability Handling
EN XXXX
Cybersecurity requirements for products with digital elements
- Part XXXX: Generic Security Requirements
EN XXXX
Cybersecurity requirements for products with digital elements
- Part XXXX: Threats and Security Objectives
The drafts of the first two standards are due to be published soon. We will have to be patient for the others.
The standards are being created in the CEN-CENELEC committee "CEN/CLC/JTC 13, WG9". Working Group 9 deals with "Horizontal cybersecurity for products with digital elements".
The chairman of WG 9 is Ben Kokx, under whose leadership the EN 18031-X series was also created.
https://standards.cencenelec.eu/ords/f?p=205:22:::::FSP_ORG_ID,FSP_LANG_ID:3259751,25&cs=1C27A4B0B0DBE60314FA9A937DC592CF5
On February 16, 2026, the Commission decided to repeal Delegated Regulation (EU) 2022/30 (RED Cyber) with effect from December 11, 2027. This means that the new standards mentioned above must be ready at least six months before this date.
Link to the decision with reasons:
https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14766-Cybersecurity-repeal-of-Delegated-Regulation-supplementing-the-Radio-Equipment-Directive_en
The requirements of the RED will then be more widely adopted by the CRA.
We will keep you up to date and will be happy to provide you with further details.
Author's note
This article has been machine translated into English.
TERMS AND ABBREVIATIONS
RED: Radio Equipment Directive 2024/53/EU
CRA: Cyber Resilience Act (EU) 2024/2847
CEN, CENELEC and ETSI are the three European standardization organizations (ESOs)
Standards = norms