At the REDCA meeting, a representative of the EU Commission recently outlined the EU Commission's next steps with regard to listing in the Official Journal.
Where we stand today:
The final version of the standards on cybersecurity requirements was published by CENELEC in August 2024 and can be obtained from many (unfortunately not all) national standards bodies.
EN 18031-1:2024 - Common security requirements for radio equipment
- Part 1: Internet connected radio equipment
EN 18031-2:2024 - Common security requirements for radio equipment
- Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
EN 18031-3:2024 - Common security requirements for radio equipment
- Part 3: Internet connected radio equipment processing virtual money or monetary value
There is a negative HAS assessment for each of these standards. Which in itself calls into question the listing of the standards in the OJEU for the RED.
If the standards are not listed in the OJEU for the RED, every manufacturer of radio equipment with a direct or indirect connection to the internet would be forced to have a type examination carried out by a Notified Body for every product type from August 01, 2025. Neither the EU Commission nor the notified bodies want this.
The EU Commission intends to list the three cybersecurity standards with restrictions in the OJEU. In addition, instructions are to be published on how to deal with these restrictions so that as many product types as possible are spared the type examination by the notified body.
All of this is to be implemented by the EU Commission as soon as possible. However, there is no roadmap or real commitment.
Despite criticism from the industry as to how the standards are to be implemented in products in the remaining months, an extension of the deadlines is not to be expected.
From August 01, 2025 the cybersecurity requirements for wireless products must be complied with.
Please do not hesitate to contact us for further details.
Author
Dipl.-Ing. (FH) Torsten Sahm
Senior Product Compliance Consultant
TERMS AND ABBREVIATIONS
OJEU: Official Journal of the EU
RED: Radio Equipment Directive
REDCA: The Radio Equipment Directive Compliance Association
CENELEC: European Committee for Electrotechnical Standardization