EU Cybersecurity Harmonization (With Restrictions)
The new EU decision has harmonized cybersecurity standards:
1. EN 18031-1:2024
2. EN 18031-2:2024
3. EN 18031-3:2024
The decision is accessible here: EU Decision
Some restrictions on harmonization apply. The restriction terms can be found here: Restriction Terms
If a device falls under one of the restricted terms, a notified body should be consulted.
In addition to the three cybersecurity standards, the following applies:
1. EN 18031-1:2024
Common security requirements for radio equipment – Part 1: Internet-connected radio equipment.
Notice 1: The sections titled "Rationale" and "Guidance" in this harmonized standard do not confer a presumption of conformity with the essential requirement set out in Article 3(3)(d) of Directive 2014/53/EU.
Notice 2: This harmonized standard does not confer a presumption of conformity with Article 3(3)(d) of Directive 2014/53/EU if, when applying clauses 6.2.5.1 and 6.2.5.2, users are allowed not to set and use a password.
2. EN 18031-2:2024
Common security requirements for radio equipment – Part 2: Radio equipment processing data, including internet-connected radio equipment, childcare radio equipment, toy radio equipment, and wearable radio equipment.
Notice 1: The sections titled "Rationale" and "Guidance" in this harmonized standard do not confer a presumption of conformity with the essential requirement set out in Article 3(3)(e) of Directive 2014/53/EU.
Notice 2: This harmonized standard does not confer a presumption of conformity with Article 3(3)(e) of Directive 2014/53/EU if, when applying clauses 6.2.5.1 and 6.2.5.2, users are allowed not to set and use a password.
Notice 3: For the classes or categories of radio equipment covered by clauses 6.1.3, 6.1.4, 6.1.5, or 6.1.6, this harmonized standard does not confer a presumption of conformity with Article 3(3)(e) of Directive 2014/53/EU if, when applying clauses 6.1.3.4.2, 6.1.4.4.2, 6.1.5.4.2, and 6.1.6.4.2, parental or guardian access control is not ensured.
3. EN 18031-3:2024
Common security requirements for radio equipment – Part 3: Internet-connected radio equipment processing virtual money or monetary value.
Notice 1: The sections titled "Rationale" and "Guidance" in this harmonized standard do not confer a presumption of conformity with the essential requirement set out in Article 3(3)(f) of Directive 2014/53/EU.
Notice 2: This harmonized standard does not confer a presumption of conformity with Article 3(3)(f) of Directive 2014/53/EU if, when applying clauses 6.2.5.1 and 6.2.5.2, users are allowed not to set and use a password.
Notice 3: Regarding the assessment criteria set out in clause 6.3.2.4, this harmonized standard does not confer a presumption of conformity with Article 3(3)(f) of Directive 2014/53/EU.
IoT Cybersecurity
Certification for Secure IoT Devices
Starting in 2025, stricter EU regulations will enhance cybersecurity requirements for connected devices. Our certification services ensure compliance with the latest European security standards:
Radio Equipment Directive 2014/53/EU (including Delegated Regulation (EU) 2022/30)
ETSI EN 303 645 – Baseline cybersecurity requirements for consumer IoT
CEN/CENELEC EN 18031 – Security standards for internet-connected radio devices, data processing, and digital transactions
Protect your products, meet strict IT security requirements, and strengthen your market position.