Introduction to EU Cybersecurity Law

In recent years, wireless devices have been widely used, but security issues have occurred frequently, such as weak passwords and system vulnerabilities leading to data leaks and device control incidents. At the same time, the original RED directive of the European Union lacked cybersecurity regulations, and member states had inconsistent regulatory standards, which hindered market circulation and threatened consumer rights. Therefore, the European Union has issued the 2022/30/EU authorization regulation, clarifying that Article 3.3 (d), (e), and (f) of the RED Directive will come into effect on February 1, 2022 and be enforced from August 1, 2025, in order to unify wireless product network security standards and ensure the safe and orderly development of the market.

1、 Scope of application

Corresponding detailed rules and corresponding standards applicable scope

General safety requirements for radio equipment Part 1: Radio equipment connected to the Internet (corresponding to 3.3 (d)) EN 18031-1 Wireless equipment directly or indirectly connected to the Internet, which will affect network resources or other service facilities after being controlled

General safety requirements for wireless equipment Part 2: Radio equipment covering data processing, including Internet connected equipment, children's radio equipment, toy radio equipment and wearable radio equipment (corresponding to 3.3 (e)) EN 18031-2 Radio equipment for processing data, namely Internet connected radio equipment, child care radio equipment, toy radio equipment and wearable radio equipment

General Safety Requirements for Radio Equipment Part 2: Radio equipment covering data processing, including Internet connected equipment Children's radio equipment, toy radio equipment and wearable radio equipment (corresponding to 3.3 (e)) EN 18031-3 Radio equipment with financial attributes such as payment

2、 Exemption scope:

1. Complete exemption: The requirements in Article 3.3 (d), (e), and (f) of the RED Directive do not apply to medical devices governed by the EU Medical Device Regulation (MDR). For example: implantable pacemakers, medical monitors, etc

2. Partial exemptions: Regulation (EU) 2018/1139 (aviation safety), Regulation (EU) 2019/2144 (vehicle safety), Directive (EU) 2019/520 (road traffic safety). For example, aircraft communication systems, in vehicle navigation devices, etc

3、 Evaluation method:

Conceptual evaluation: making decision tree judgments on each accessible asset

Functional integrity assessment: Evaluate whether there are any missed testing assets from the perspective of product functionality

Functional adequacy assessment: Confirm that all assets meet standard requirements

4、 Under what circumstances can series certification be conducted?

In principle, serial applications can be made with the same MCU&OS version&firmware. The firmware version is inconsistent and cannot be applied for in a series.

Our company provides comprehensive evaluation services for wireless equipment to ensure compliance with the EN 18031 standard (Part 1

Sections 2 and 3), this standard complies with the network security requirements of the RED directive. Our service helps manufacturers verify whether their products meet basic network security requirements, covering clauses (d), (e), and (f) of the RED directive.