CE MARKING

ALREADY IN FORCE

New RED Cybersecurity Standards (EN 18031)

The new RED cybersecurity standards (EN 18031-1, -2, and -3) became mandatory in the EU on August 1, 2025. They apply to internet-connected radio equipment, including smart toys, wearables, routers, and devices that handle personal data or digital payments. The standards introduce clear requirements for data protection, secure design, and resilience against cyber threats.

What’s New About EN 18031

The Five Main Points At A Glance

Starting August 1, 2025, internet-connected radio equipment — from routers to smart toys, wearables, and connected appliances — must meet new cybersecurity requirements under the Radio Equipment Directive (RED).

EN 18031-1:2024: Establishes common security requirements for internet-connected radio equipment.
EN 18031-2:2024: Specifies technical requirements for radio equipment processing personal, traffic, or location data, including internet-connected devices, childcare radio equipment, radio-enabled toys, and wearable radio devices.
EN 18031-3:2024: Defines cybersecurity requirements for internet-connected radio equipment that processes virtual money or monetary value.

Devices that handle personal, location, or traffic data now require built-in protections against unauthorized access, data leaks, and misuse.

Products like smart payment terminals and wearables used for financial purposes must meet stricter safeguards against tampering, fraud, and breaches.

Using the EN 18031 series gives manufacturers a presumption of conformity with RED Article 3(3)(d), (e), and (f), simplifying the route to CE marking.

Implementation News and Tips

Last Update: December 2025

The implementation of EN 18031 is proving frustrating for many companies. These are the most relevant insights from the first months after the new standards became mandatory:

In early 2025, most laboratories were not fully prepared to test every product category under EN 18031. The situation is definitely improving, but the core issue remains: starting with testing is always the wrong approach. Without a structured compliance roadmap, testing can generate even more confusion.
EN 18031 requires a highly detailed Risk Assessment that becomes the foundation of the entire compliance process. Double tip: do not postpone this step and never produce it superficially (for example, by relying on AI tools without expert human supervision).
EN 18031 introduces concepts and expectations that are unfamiliar to most engineers. Many teams jump into implementation without fully understanding what the standard actually requires.

I Need Help To Handle This

Start Your Path To Cybersecurity Compliance

One Of Our Packages Likely Matches What You Are Looking For

Buy now our Starting Pack and fully understand how the new standards affect your product. Get a set of deliverables with unbeatable value for money that will give you all the tools to start this journey on your own.

If you need help, we have an intensive monthly plan where a cybersecurity compliance expert will accompany you through weekly meetings and quick responses to all your queries.

And if, after the Boost, you want to guarantee an effective Launch, simply contact us so we can propose a plan tailored to your needs.

Please remind:

We will assign you only senior-level profile engineers.

You can also fill out the form below and:

We’ll reply within 24 hours.
You’ll receive a link to sign our NDA template, which will protect the confidentiality of your documents.
If you prefer, we can sign your NDA template.

No commitment required – just a first step to understand your needs!

Cybersecurity Starting Pack, Boost & Launch

Price range: 197,00 $ through 2.000,00 $

Select options