EN 18031 Series

EN 18031 series allow manufacturers to meet the cybersecurity requirement under the European Radio Equipment Directive(RED).

Request an Assessment →

Applicable Market

European Union (EU)

Regulation

Radio Equipment Directive (RED)
Article 3.3 (d), (e), (f)

Standards

EN 18031-1:2024
EN 18031-2:2024
EN 18031-3:2024

Applicable Products

Wireless products
Wearable devices
Childcare radio equipment
Payment-related
and More..

WHAT IS EN 18031

EN 18031 Series

EN 18031 series defines cybersecurity requirements and test specifications for connected radio equipment. It provides a harmonized approach to demonstrate compliance with the cybersecurity provisions of the European Radio Equipment Directive.
The series includes three parts covering general requirements, security requirements for network-connected equipment, and security requirements specific to internet-connected equipment.

EN18031-1

Internet connected radio equipment

Defines the general cybersecurity requirements applicable to all categories of connected radio equipment.

EN18031-2

Radio equipment processing data or Childcare wearable radio equipment

Specifies additional cybersecurity requirements for equipment connected to networks.

EN18031-3

Radio equipment processing virtual money or monetary value

Specifies additional cybersecurity requirements for equipment connected to the internet.

WHY IT MATTERS

Why do we need EN 18031

Cybersecurity has become a mandatory requirement for connected radio equipment in the European market. Compliance with EN 18031 helps manufacturers:

Ensure compliance with RED cybersecurity requirements

Reduce product security risks and vulnerabilities

Enhance product trust and brand reputation

HOW THE ONE LAB SUPPORTS YOU

Our Service Scope

01

Applicability
Assessment

Evaluate whether the product falls within EN 18031 / RED cybersecurity requirements.

02

Requirement
Mapping

Map applicable EN 18031 requirements to the product architecture and functions.

03

Technical Documents
Review

Review technical files and cybersecurity documentation against applicable requirements.

04

Testing

Conduct cybersecurity testing based on the relevant EN 18031 test scope.

05

Final Test
Report

Issue a final test report summarizing results, findings and conclusions.

HOW WE ACCESS EN 18031 CYBERSECURITY READINESS

Our Approach

The One Lab assesses cybersecurity from both compliance and practical security perspectives. Our goal is not only to identify non-conformities, but also to help manufacturers understand the practical security risks behind the requirements and prepare evidence for compliance review.

Product Scope & Applicability Review
Security Function Assessment
Network Interface & Communication Security Review
Authentication & Access Control Review
Software & Firmware Security Review
Vulnerability & Exposure Assessment
Data Protection & Privacy Security Control Review
Secure Update Mechanism Review
Documentation & Technical File Support
Gap Analysis Against EN 18031 Requirements
DELIVERABLES

What You Will Receive

Depending on the project scope, our deliverables may include assessment results, technical review findings, test summaries and supporting evidence for compliance preparation.

EN 18031 Applicability Review
Cybersecurity Gap Analysis Report
Technical Assessment Report
Test Result Summary
Recommended Corrective Actions
Supporting Evidence for Technical Documentation
Pre-compliance Review Before Formal Conformity Assessment

APPLICABLE PRODUCTS

Typical Product Examples

IoT Devices IoT Devices
Smart Home Devices Smart Home
Devices
IP Cameras IP Cameras
Industrial Equipment Industrial
Equipment
Network Devices Network
Devices
Wearables Wearables
Connected Automotive Connected
Automotive
Other Connected Radio Equipment Other Connected
Radio Equipment

FAQ

Frequently Asked Questions

No. EN 18031 is not automatically applicable to all products. It applies to radio equipment that falls within the scope of the European Radio Equipment Directive cybersecurity requirements. Applicability depends on the product type, network functions, internet connectivity, data processing functions and intended use.

Manufacturers should first perform an applicability assessment to confirm whether EN 18031-1, EN 18031-2, EN 18031-3, or a combination of these standards applies to their product.

The timeline depends on product complexity, document readiness and the number of applicable requirements. A preliminary applicability review may be completed relatively quickly if the product information is clear.

A full assessment or evidence review usually takes longer because it may require checking technical documentation, security functions, test evidence and implementation details.

EN 18031-2 focuses on cybersecurity requirements for network-connected radio equipment. This generally covers products that connect to networks and exchange data with other systems or devices.

EN 18031-3 focuses on additional requirements for internet-connected radio equipment. If the product connects to the internet directly or indirectly, EN 18031-3 may introduce further security expectations related to internet connectivity, data protection and exposure to remote threats.

In simple terms, EN 18031-1 covers general cybersecurity requirements, EN 18031-2 covers network-connected equipment, and EN 18031-3 covers internet-connected equipment.

During the testing period, NO. According to ISO 17025, we have to maintain or independence and fairness.

But before the official test, Yes. The One Lab can help manufacturers understand identified gaps and provide practical recommendations for remediation.

Support may include explaining findings, suggesting additional evidence to prepare, reviewing revised documentation, advising on security function clarification and helping prepare a compliance action plan. Final implementation and product design changes remain the responsibility of the manufacturer.

The required documents depend on the product type and assessment scope. Manufacturers are usually expected to prepare product specifications, user manuals, network interface descriptions, software or firmware version information, authentication mechanism descriptions, access control descriptions, secure communication descriptions, firmware update procedures, vulnerability handling processes, security configuration information and available test evidence.

The One Lab can first review the available documents and help identify missing evidence or unclear technical descriptions.

The One Lab is accredited by ANAB for EN 18031, so we can support both cybersecurity testing and documentation review, depending on the project scope.

For some projects, the service may focus on applicability assessment, requirement mapping, technical documentation review and evidence checklist preparation. For other projects, The One Lab may also support cybersecurity testing, evidence review and final test reporting based on applicable EN 18031 requirements.

Not Sure Where to Start?

Request a free initial consultation or product assessment.
Our experts are here to help.

Ask Our Experts→