We are thrilled to announce that the European Commission has officially cited three long-awaited cybersecurity standards in the Official Journal of the European Union. These standards, developed by the CEN and CENELEC Joint Technical Committee CEN-CLC/JTC 13 on ‘Cybersecurity and Data Protection’, address key cybersecurity requirements outlined in the Radio Equipment Directive (RED).
In January 2022, the European Commission published Delegated Regulation 2022/30/EU, activating three essential cybersecurity requirements under RED. CEN and CENELEC were tasked with developing standards to cover these requirements.
The Newly Cited Standards
The following standards provide technical specifications for cybersecurity in internet-connected radio equipment:
- EN 18031-1:2024: Defines common security requirements for internet-connected radio equipment.
- EN 18031-2:2024: Specifies technical requirements for radio equipment that processes personal, traffic or location data. This includes devices such as internet-connected radio equipment, childcare radio equipment, toy radio equipment, and wearable radio equipment.
- EN 18031-3:2024: Outlines cybersecurity requirements for radio equipment that processes virtual money or monetary value and is capable of internet communication.
With these standards now in place, manufacturers can align with the cybersecurity requirements of the RED directive, which will become mandatory in August 2025. Furthermore, these standards establish a foundation for the development of harmonized standards supporting the Cyber Resilience Act.
This milestone represents a significant step toward strengthening cybersecurity in the European market, ensuring safer and more resilient radio equipment for consumers and businesses alike.
