Listing of the cybersecurity standards EN 18031 series and outlook

When and how does the OJEU listing take place?

At the REDCA meeting, a representative of the EU Commission recently outlined the EU Commission's next steps with regard to listing in the Official Journal.

Where we stand today:

The final version of the standards on cybersecurity requirements was published by CENELEC in August 2024 and can be obtained from many (unfortunately not all) national standards bodies.

EN 18031-1:2024 - Common security requirements for radio equipment
- Part 1: Internet connected radio equipment

EN 18031-2:2024 - Common security requirements for radio equipment
- Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment

EN 18031-3:2024 - Common security requirements for radio equipment
- Part 3: Internet connected radio equipment processing virtual money or monetary value

There is a negative HAS assessment for each of these standards. Which in itself calls into question the listing of the standards in the OJEU for the RED.

If the standards are not listed in the OJEU for the RED, every manufacturer of radio equipment with a direct or indirect connection to the internet would be forced to have a type examination carried out by a Notified Body for every product type from August 01, 2025. Neither the EU Commission nor the notified bodies want this.

The EU Commission intends to list the three cybersecurity standards with restrictions in the OJEU. In addition, instructions are to be published on how to deal with these restrictions so that as many product types as possible are spared the type examination by the notified body.

All of this is to be implemented by the EU Commission as soon as possible. However, there is no roadmap or real commitment.

Despite criticism from the industry as to how the standards are to be implemented in products in the remaining months, an extension of the deadlines is not to be expected.

From August 01, 2025 the cybersecurity requirements for wireless products must be complied with.

Please do not hesitate to contact us for further details.

 

Author

Dipl.-Ing. (FH) Torsten Sahm
Senior Product Compliance Consultant

 




TERMS AND ABBREVIATIONS

OJEU: Official Journal of the EU
RED: Radio Equipment Directive
REDCA: The Radio Equipment Directive Compliance Association
CENELEC: European Committee for Electrotechnical Standardization

Published on 03.12.2024
Category: Fokus Electrical and Wireless, Insider-Compliance, Compliance

Compliance News

The latest developments in all areas of market authorization and product compliance.

Comprehensive expertise in Standards Management
More News
Common specifications (GS) of the EU

Alternative solution if no harmonized standards are available

Read more

New development on the "Malamud" case and free provision of standards

ISO and IEC file suit against the European Commission

Read more

Radio standards to be removed from the EU Official Journal

Technology neutrality. Strategy of the EU Commission

Read more

Login
x

In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.

OK