- Services
- Industries
- Automotive
- Battery
- Building inspection
- Fire alarms system testing
- Household appliances
- Installation materials
- Industrial machinery
- IT & audio video
- Laboratory, test & measurement
- Lighting equipment
- Maritime, oil & gas
- Medical & healthcare equipment
- Military & aerospace product testing
- Wireless & telecom
- Resources
- About
- Blog
- Events
Updated Aug 2, 2024
Ever since EU announced that the Radio Equipment Directive would implement cybersecurity as a mandatory requirement for CE marking from 1 August 2024, the big question has been whether a standard would be published in time.
Despite big effort of CENELEC it became clear that the original publishing date of December 2023 would not be obtained. Following this the date of the standard was delayed to 30 June 2024 and the RED implementation to 1 August 2025.
Again, the 30 June 2024 date has been postponed to 30 August 2024, but this time it is expected to stand firm.
The new standard is here.
On May 2024 the final draft of the standard series EN 18031 was issued and has now successfully past the voting of the member states. It is now expected to be available without any changes within 30 August. This means that developers, compliance managers, retailers and others finally will have a European standard specifically addressing the RED.
The EN 18031 series
The cybersecurity requirements of RED are divided into 3 main parts, each being addressed by one standard in the EN 18031 series:
Protection of Network | RED article 3.3 (d | EN 18031-1 |
Privacy | RED article 3.3 (e | EN 18031-2 |
Monterey fraud | RED article 3.3 (f | EN 18031-3 |
EU – the final obstacle
However, even after the EN 18031 series has been published, there is still one more issue – EU.
In order for a standard to be used to demonstrate compliance to a directive, it is to be approved by EU as a standard meeting the essential requirements of the Directive, and to be listed in the and listed in the EU Official Journal (OJ). Now, representatives from EU have in meetings with the RED Notified Bodies ensured that they will do all their powers to have the standards ratified as soon as possible. They are working in parallel with the ongoing voting process to reduce the time and they were optimistic as to a final stamp of approval by the official publishing date of the standard.
So, what now?
Both Notified Bodies and manufacturers are clear that the standard will be put into use as soon as it is published – and many have already started using the standards. There is of course a chance that the EU consultants will have some alterations made in the harmonized standards, but any such changes are expected to be minor, and that this delta can be solved separately.
Nemko has experience both with EN 18031 already as well as long experience with the standard most used today ETSI EN 303 645 and is also a RED Notified body.
Are your products within the scope of RED?
Book a free online meeting with a cybersecurity expert, and we’ll help you find out.
Geir Hørthe
Geir Hørthe is responsible for the Nemko cyber security initiative. He has worked at Nemko for more than 30 years, in the capacity of test services, lab manager of safety, ATEX and medical departments. He has also been Managing Director at the Nemko office in London for two years. After he returned to Norway, he held...
Other posts you might be interested in
Uncovering 28,000 New Vulnerabilities: The Importance of Vulnerability Scans
November 10, 2023
//
Cyber security
The Dark Side of QR Codes: Risks and How to Stay Safe
November 2, 2023
//
Cyber security
Balancing In-House & External IT Security: The Hybrid Approach
November 20, 2024
//
Cyber security