EU CRA standards and the successors to EN 18031

EN 40000-1-X series

We have already reported in a previous newsletter(A normative landscape for the Cyber Resilience Act (EU) 2024/2847) that the series of standards (EN 18031-X) on cybersecurity from the RED requirement on cybersecurity will have successors, which will be continued in the EU Cyber Resilience Act.

Here is the current status of the future standards:

 

EN 40000-1-1

Cybersecurity requirements for products with digital elements

- Part 1-1: Vocabulary

 

EN 40000-1-2

Cybersecurity requirements for products with digital elements

- Part 1-2: Principles for cyber resilience

 

New in the Working Program:

EN 40000-1-3

Cybersecurity requirements for products with digital elements

- Part 1-3: Vulnerability Handling

 

EN XXXX

Cybersecurity requirements for products with digital elements

- Part XXXX: - Generic Security Requirements

 

EN XXXX

Cybersecurity requirements for products with digital elements

- Part XXXX: Threats and Security Objectives

 

The drafts of the first two standards are due to be published soon. We will have to be patient for the others.
 

The standards are being drawn up in the CEN-CENELEC Committee "CEN/CLC/JTC 13, WG9". Working Group 9 is concerned with

          "Horizontal cybersecurity for products with digital elements"

The Chairman (WG 9) is Ben Kokx, under whose leadership the EN 18031-X series was also created.

→ Click here to go directly to CEN, CENELEC


On February 16, 2026, the Commission decided to repeal Delegated Regulation (EU) 2022/30 (RED Cyber) with effect from December 11, 2027. This means that the new standards mentioned above must be finalized at least six months in advance.

→  Click here for the decision and explanatory memorandum

The requirements of the RED are then adopted and taken into account more comprehensively in the CRA.
 

We will keep you up to date and will be happy to provide you with further details.

 

Author

Dipl.-Ing. (FH) Torsten Sahm
Senior Product Compliance Consultant

 



OJEU: Official Journal of the EU

RED: Radio Equipment Directive 2024/53/EU

CRA: Cyber Resilience Act (EU) 2024/2847

CEN, CENELEC and ETSI are the three EU standard organizations (ESO)

More Information

Published on 19.02.2026
Category: Focus Industry, Fokus Electrical and Wireless, Insider-Compliance, Compliance

back to list

Compliance News

The latest developments in all areas of market authorization and product compliance.

Comprehensive expertise in Standards Management
More News
EU: CRA standards and the successors to EN 18031

EN 40000-1-X series

Read more

EU: Update REACH 2026.02

Current developments January 2026 - April 2026

Read more

EU: REACH PFAS restriction SEAC consultation

Last chance to participate until May 2026

Read more

Expert-verified information packages for compliant products worldwide

Save resources, reduce liability risk, gain security!

learn more and order now

De En
Login
x

In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.

OK