Interpretation of EN 18031 standard

On January 30, 2025, the EU official gazette officially included the EN 18031 series standards as coordinated standards under the Radio Equipment Directive (RED). This means that all wireless devices sold in the EU market must comply with the mandatory requirements of this new cybersecurity regulation starting from August 1st of this year. Products that do not meet the standards will face market access restrictions, and manufacturers need to accelerate the layout of compliance strategies. The implementation of this standard series will have a profound impact on the global wireless equipment industry, especially on related products planned for export to the EU market.

1、 Analysis of Standard System Architecture

The EN 18031 standard series has established three distinct and focused sub standard systems based on the functional characteristics and security risks of wireless equipment, forming a comprehensive network security protection matrix.

1. EN 18031-1: Network Protection Requirements

It is applicable to any radio equipment that can communicate through the Internet. Pay attention to the impact of radio equipment on the network and the reasonable use of network resources. It is required that the equipment will not have harmful effects on the network or its operation, and will not abuse network resources to cause serious impact on services. Such as mobile phones, tablets, Wi Fi routers, car components, etc.

2. EN 18031-2: Data Privacy Requirements

It is applicable to devices capable of processing personal data, traffic data and location data, including wireless devices connected to the Internet, radio devices designed for child care, radio devices complying with 2009/48/EC regulations, and radio devices designed or planned to wear, bind or hang on human bodies or clothes, focusing on protecting the personal data and privacy of users and order customers. Such as wearable devices, child monitoring devices, smart sensors, etc.

3. EN 18031-3: Financial Security Requirements

Suitable for networked wireless devices that allow holders or users to transfer currency, currency value, or virtual currency, ensuring the security of the device when handling financial related operations. Like POS machines ATM、 Virtual currency terminal.

Exemption scope:

1. Medical devices and equipment not covered by MDR regulations.

2. Not applicable to Regulation (EU) 2018/1139 and Regulation (EU) 2019/2144.

3. Equipment related to aviation or road traffic within the scope of Directive (EU) 2019/520 is not applicable.

2、 The main evaluation items of EN 18031 standard are:

Standard Number General Evaluation Project Unique Evaluation Project

EN 18031-1 Access Control Mechanism

authentication

Security update mechanism

Secure storage mechanism

security communication mechanism

Key confidentiality

General equipment capability requirements

Cryptography best practices for security and network assets contained in devices require evaluation of the following items:

Elastic mechanism

Network monitoring mechanism

Flow control mechanism

EN 18031-2 requires evaluation of the following items regarding the security and privacy assets contained in the equipment:

Access control mechanism for children's toys

Logging mechanism

Delete mechanism

User notification mechanism

External Perception Capability Document

EN 18031-3 requires evaluation of the following items regarding the security and financial assets contained in the equipment:

Logging mechanism

Integrity of device startup process and trustworthiness and authenticity of software

3、 Main differences between EN 18031 and ETSI EN 303 645

There are many similarities between the requirements of EN 18031 and ETSI EN 303 645, but higher requirements are placed on the tested equipment, and multiple requirements provide a "not applicable" condition, which increases the flexibility and standard applicability of the product through conformity assessment. Overall, if the product complies with ETSI EN 303 645, it will be very beneficial for the enterprise and its products to pass the EN 18031 standard assessment.