Getready Compliance Logo
Product has been added to your cart.

CE MARKING

ALREADY IN FORCE

New RED Cybersecurity Standards (EN 18031)

The new RED cybersecurity standards (EN 18031-1, -2, and -3) became mandatory in the EU on August 1, 2025. They apply to internet-connected radio equipment, including smart toys, wearables, routers, and devices that handle personal data or digital payments. The standards introduce clear requirements for data protection, secure design, and resilience against cyber threats.

What’s New About EN 18031

The Five Main Points At A Glance

Starting August 1, 2025, internet-connected radio equipment — from routers to smart toys, wearables, and connected appliances — must meet new cybersecurity requirements under the Radio Equipment Directive (RED).

  • EN 18031-1:2024: Establishes common security requirements for internet-connected radio equipment.
  • EN 18031-2:2024: Specifies technical requirements for radio equipment processing personal, traffic, or location data, including internet-connected devices, childcare radio equipment, radio-enabled toys, and wearable radio devices.
  • EN 18031-3:2024: Defines cybersecurity requirements for internet-connected radio equipment that processes virtual money or monetary value.

Devices that handle personal, location, or traffic data now require built-in protections against unauthorized access, data leaks, and misuse.

Products like smart payment terminals and wearables used for financial purposes must meet stricter safeguards against tampering, fraud, and breaches.

Using the EN 18031 series gives manufacturers a presumption of conformity with RED Article 3(3)(d), (e), and (f), simplifying the route to CE marking.

Implementation News and Tips

Last Update: December 2025

The implementation of EN 18031 is proving frustrating for many companies. These are the most relevant insights from the first months after the new standards became mandatory:

  • In early 2025, most laboratories were not fully prepared to test every product category under EN 18031. The situation is definitely improving, but the core issue remains: starting with testing is always the wrong approach. Without a structured compliance roadmap, testing can generate even more confusion.
  • EN 18031 requires a highly detailed Risk Assessment that becomes the foundation of the entire compliance process. Double tip: do not postpone this step and never produce it superficially (for example, by relying on AI tools without expert human supervision).
  • EN 18031 introduces concepts and expectations that are unfamiliar to most engineers. Many teams jump into implementation without fully understanding what the standard actually requires.
I Need Help To Handle This

EN 18031: Key Terms You Will Encounter

A short glossary to avoid getting lost in the new regulation

TermDefinition
Asset ListA complete inventory of assets relevant to cybersecurity, including hardware, firmware, software components, cloud services, APIs, and communication interfaces.
Audit-Ready Compliance FrameworkA structured and internally consistent set of compliance documents that enables manufacturers to self-declare conformity and respond to market surveillance requests.
Data Flow Diagram (DFD)A visual representation of how data enters, moves through, and exits the system, used to assess risks based on real data paths and interfaces.
Gap AnalysisA systematic comparison between existing documentation and EN 18031 requirements to identify missing or misaligned elements before implementation.
Requirements Traceability Matrix (RTM)A structured mapping of EN 18031 requirements to controls and evidence, used to demonstrate conformity.
Risk AssessmentA documented evaluation of cybersecurity risks affecting the product, based on the actual system architecture and foreseeable misuse.
Risk Treatment MeasuresTechnical or organizational measures to reduce identified risks to an acceptable level.
Scope VerificationThe formal confirmation of the product scope covered by the assessment, including variants, functions, and configurations.
Self-Declaration of ConformityThe manufacturer’s formal statement of compliance with EN 18031, supported by documented evidence.
Test PlanA document defining how EN 18031 requirements will be evaluated, including methods and acceptance criteria.
Yes, Please Help Me

Start Your Path To Cybersecurity Compliance

One Of Our Packages Likely Matches What You Are Looking For

Buy now our Starting Pack and fully understand how the new standards affect your product. Get a set of deliverables with unbeatable value for money that will give you all the tools to start this journey on your own.

If you need help, we have an intensive monthly plan where a cybersecurity compliance expert will accompany you through weekly meetings and quick responses to all your queries.

And if, after the Boost, you want to guarantee an effective Launch, simply contact us so we can propose a plan tailored to your needs.

Please remind:

We will assign you only senior-level profile engineers.

You can also fill out the form below and:

  • We’ll reply within 24 hours.
  • You’ll receive a link to sign our NDA template, which will protect the confidentiality of your documents.
  • If you prefer, we can sign your NDA template.

No commitment required – just a first step to understand your needs!

Contact Us And Get A Quick Reply