Scope of application and testing services of EN 18031 series standards

RED (Radio Equipment Directive), also known as the Radio Equipment Directive (2014/53/EU), is a mandatory compliance directive developed by the European Union for wireless products. It explicitly requires wireless products entering the EU market to be certified and affixed with the CE mark. The "DA" in the RED DA directive is the Directive Amendment, which focuses on the field of network security. Article 3.3 (d) (e) (f) serves as the core clause, setting minimum standards for wireless product network security and will be enforced from August 1, 2025. The implementation of this clause signifies that wireless products that do not meet network security requirements will be prohibited from being sold or circulated within the European Union.

The EN 18031 standard is divided into three parts: EN 18031-1/2/3, which correspond to the requirements of the RED directive.

Corresponding standards for regulatory provisions

2022/30/EU Article 3.3 (d) Network Security EN-18031-1

Article 3.3 (e) Personal Privacy EN-18031-2

Article 3.3 (f) Preventing Fraud EN-18031-3

1、 Analysis of EN 18031 Standard System

1. EN 18031-1

It is applicable to any radio equipment that can self communicate through the Internet, whether it is direct communication or through other equipment (Internet connected radio equipment).

Mobile phones and tablets

Wi Fi routers and gateways for networked air conditioning

Refrigerators and other household appliances

Smart TVs/TV boxes and 3G/4G/5G devices are all devices with Wi Fi communication capabilities

Vehicle networking components

Power converters in energy systems

2. EN 18031-2

It is applicable to the radio equipment for processing personal data, communication data or direct location data, namely Internet connected radio equipment, child care radio equipment, toy radio equipment and wearable radio equipment.

Bluetooth connection to mobile phones, headphones, or Boombox

Smart watches and other mobile devices

Intelligent sensors, air purifiers, vacuum cleaners

Baby monitor and 3G/4G/5G devices

Vehicle networking components

GPS tracking device

3. EN 18031-3

It is applicable to any radio equipment connected to the Internet, if the equipment enables the holder or user to transfer money, currency value or virtual currency.

POS machine, ATM machine

Devices that support any type of transfer

Exemption scope:

1. Medical devices and equipment not covered by MDR regulations.

2. Not applicable to Regulation (EU) 2018/1139 and Regulation (EU) 2019/2144.

3. Equipment related to aviation or road traffic within the scope of Directive (EU) 2019/520 is not applicable.

2、 Testing and evaluation

Correspondence Table of EN18031 Sub Standards and Safety Requirements

Requirement EN18031-1 EN18031-2 EN18031-3

[ACM]Access control mechanism √ √ √

[AUM]Authentication mechanism √ √ √

[SUM] Secure update mechanism √ √ √

[SSM]Secure storage mechanism √ √ √

[SCM]Secure communication mechanism √ √ √

[LGM] Logging mechanism - √ √

[DLM] Deletion mechanism - √ -

[UNM]User notificiation mechanism - √ -

[RLM]Resilience mechanism √ - -

[NMM] Network monitoring mechanism √ - -

[TCM]Traffic control mechanism √ - -

[CCK] Confidential cryptographic keys √ √ √

[GEC]General equipment capabilities √ √ √

[CRY] Cryptography √ √ √

Definition of four types of assets

Protecting assets is not only about protecting specific data stored, transmitted, or otherwise processed by devices, but also includes protecting the functions used by devices and configuring these functions.

Asset Type Data&Information (Configuration) Configuration (Parameters) Function

Security assets, sensitive security parameters, confidential security parameters, and security functions

Network asset sensitive network function configuration, confidential network function configuration, and network function configuration

Privacy Assets Personal Information Privacy Function Configuration Privacy Function

Financial Assets, Financial Data, Financial Function Configuration, Financial Function

Basic requirements 3.3. d 3.3. e 3.3. f

Safe assets √√√

Network assets √

Basic requirements √

Financial assets √

Security assessment:

Conceptual evaluation: making decision tree judgments on each accessible asset

Functional integrity assessment: Evaluate whether there are any missed testing assets from the perspective of product functionality

Functional adequacy assessment: Confirm that all assets meet standard requirements

3、 Self declaration

As long as the product does not trigger the following restrictions, manufacturers can demonstrate compliance through self declaration:

1. No default password vulnerability

The device must force users to set a password (or alternative solutions such as biometric recognition) when using it for the first time, and does not allow the "no password use" mode.

Example: Smart routers require users to change their default password for the first time they connect to the network, which can be self declared.

2. Does not involve high-risk scenarios

Non child devices: The product does not involve children's privacy data (such as ordinary smart bracelets that do not collect children's GPS data).

Non financial devices: The device does not process payments or virtual currency transactions (such as regular Bluetooth speakers).

3. Improve the security update mechanism

Firmware updates must meet multiple protections in the standard (such as digital signature+anti rollback) and not rely on a single measure.

Example: The smart camera supports mandatory encryption updates → can be self declared.

4、 The Importance of Implementing Standards

1. Enhance the level of device network security: By strictly regulating access control, identity verification, and security updates, the network security performance of wireless products is effectively improved, protecting user privacy and property security.

2. Promoting industrial upgrading: Although enterprises face short-term cost increases, the market recognition of certified products is higher, which prompts enterprises to increase research and development investment, promote the improvement of industry safety standards, and build a sound management system.

3. Ensure compliance with EU market access: By following standards in product research and production, manufacturers can smoothly pass EU market access audits, avoiding trade barriers and economic losses caused by compliance issues.

4. Standardize market order: unify industry evaluation criteria, help certification agencies objectively certify, regulatory departments efficiently manage, reduce vicious competition, and purify the market environment.

The EN 18031 standard series, as an important initiative of the European Union in the field of wireless equipment network security, has set a new benchmark for the development of network security in the global wireless equipment industry through a comprehensive standard system, strict technical requirements, and scientific evaluation mechanisms. For wireless equipment manufacturers, actively following this standard is not only to meet the needs of market access, but also the key to enhancing product competitiveness and achieving sustainable development. With the formal implementation of standards, the global wireless equipment industry will inevitably experience a comprehensive improvement in network security protection level.