The final version of the standards on cybersecurity requirements was published by CENELEC in August 2024 and can be obtained from many (unfortunately not all) national standards bodies.
EN 18031-1:2024 - Common security requirements for radio equipment - Part 1: Internet connected radio equipment
EN 18031-2:2024 - Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
EN 18031-3:2024 - Common security requirements for radio equipment - Part 3: Internet connected radio equipment processing virtual money or monetary value
Given the coordination procedures that European standardization prescribes, the development through to final publication was almost uniquely fast.
One of the many special features of these standards is the set of mapping tables to the cybersecurity standards of ETSI and IEC, which should make life easier for the user.
Annex B (informative):
Mapping with EN IEC 62443-4-2:2019 (Industrial automation and control)
and
Annex C (informative):
Mapping with ETSI EN 303 645 (Consumer IoT) [Note: V2.1.1 of 2020]
ETSI did not take this into account and published ETSI EN 303 645 V3.1.3:2024-09 in September 2024. The mapping tables therefore need to be checked carefully to see exactly which point is mapped where.
Furthermore, it is important to work through all the standards mentioned here and to monitor further progress in order to be able to react in good time.
The chairman of the CENELEC standards committee and a representative of the Commission assume that the cybersecurity requirements defined in the Radio Equipment Directive will be transferred to the European Cyber Resilience Act (CRA) (Regulation (EU) 2024/2847, published on November 20, 2024) in the foreseeable future. It is far from clear which European standards organization will then revise the standards or issue new standards.
Our recommendation today: Take the EN 18031 series and ensure that the requirements contained therein are implemented in your radio products by August 01, 2025 so that sales can continue.
We will keep you up to date and will be happy to answer any questions you may have.
Author
Dipl.-Ing. (FH) Torsten Sahm
Senior Product Compliance Consultant
TERMS AND ABBREVIATIONS
CENELEC: European Committee for Electrotechnical Standardization
CRA: Cyber Resilience Act (Regulation (EU) 2024/2847)
ETSI: European Telecommunications Standards Institute. One of the three EU standards organizations (ESOs)
IEC: International Electrotechnical Commission
