EMC China Lab

EN 18031 European Union Cybersecurity Certification

Views :
Update time : 2026-06-04

EU RED Cybersecurity Certification, en 18031 Testing, uk psti, Applicable to Consumer IoT Devices, Routers, Optical Modems, Switches, etc.

With the explosive growth of Internet of Things (IoT) devices, security risks in areas such as smart homes, medical devices, and smart cities have risen sharply. To address this challenge, the European Union and the United Kingdom have successively introduced mandatory cybersecurity regulations, requiring manufacturers, importers, and distributors of consumer IoT devices to ensure their products comply with strict security standards. Otherwise, they will face market entry bans, hefty fines, and even legal liabilities.


EU Cybersecurity Certification Services

JJR LAB quickly responds to the market access certification requirements for IoT device cybersecurity: providing manufacturers and brands of consumer IoT devices with consultation on new EU and UK cybersecurity market access certification regulations, and offering one-stop certification services applicable to consumer IoT devices, routers, optical modems, switches, and more.


Regulatory Basis

The EU strengthens the supervision of IoT devices through the Cybersecurity Act and the Radio Equipment Directive (RED).

The UK introduced the Product Security and Telecommunications Infrastructure Act (psti Act), explicitly requiring IoT devices to meet minimum security requirements.

European Union (EU)

  • Regulations & Standards: red directive 2014/53/EU Article 3.3(d)/(e)/(f). For Consumer IoT Devices: EN 18031-1/2/3:2024.

  • Mandatory Implementation Date: August 1, 2025

United Kingdom (UK)

  • Regulations & Standards: PSTI Act:

  1. The UK Product Security and Telecommunications Infrastructure (Product Security) regime.

  2. Product Security and Telecommunications Infrastructure Act 2022 – Part 1.

  3. The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
    For Consumer IoT Devices: ETSI EN 303 645.

  • Mandatory Implementation Date: April 29, 2024


Product Control Scope for Consumer IoT Devices

European Union

Focuses on high-level security and data protection requirements for consumer IoT devices connected to network infrastructure (such as IoT or home networks) and their interaction with related services. Consumer IoT devices include, but are not limited to, the following devices:

  • Connected children's toys and baby monitors

  • Connected smoke detectors

  • Door locks and window sensors

  • IoT gateways, base stations, and hubs connecting multiple devices

  • Smart cameras

  • Televisions and speakers

  • Wearable health trackers

  • Connected home automation and alarm systems, especially their gateways and hubs

  • Connected appliances, such as washing machines and refrigerators, and smart home assistants

United Kingdom

Connectable products refer to products that can connect to the internet or a network. The control scope includes:

  • Children's toys and baby monitors

  • Security products (smoke detectors, door locks, alarms, etc.)

  • Cameras, televisions, and speakers

  • IoT gateways, base stations, and hubs connecting multiple devices

  • Home automation systems

  • Medical devices equipped with software

  • Wearable health trackers

  • Base stations and hubs

  • Tablets and laptops designed specifically for children under 14 years old

  • Tablets with cellular connectivity capabilities

  • Outdoor leisure products

  • Connected appliances, such as washing machines and refrigerators, and smart home assistants


Cybersecurity Assessment Content and Process for Consumer IoT Devices

1. Main Requirements of Cybersecurity Standard EN 18031:

(Based on 2014/53/EU Article 3.3(d)/(e)/(f) / EN 18031-1 / EN 18031-2 / EN 18031-3)

Article 3: Section 3.3(d): en 18031-1:2024

  • Requirements: Radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service.

  • Controlled Product Examples: General internet-connected radio devices, such as routers, televisions, smart speakers, and smart home appliances.

Article 3: Section 3.3(e): EN 18031-2:2024

  • Requirements: Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.

  • Controlled Product Examples: Data processing equipment, wireless childcare devices, and wearable devices.

Article 3: Section 3.3(f): EN 18031-3:2024

  • Requirements: Radio equipment supports certain features ensuring protection from fraud.

  • Controlled Product Examples: Network virtual currency payment devices, such as POS machines and cash register equipment.

Significance of Cybersecurity Assessment for IoT Devices

  • The significance of cybersecurity assessment for IoT devices lies in safeguarding the security of IoT devices and networks, preventing malicious attacks and data breaches, and ensuring the information security of users and enterprises.

  • By evaluating the cybersecurity of IoT device hardware and related services, potential security vulnerabilities and risks are discovered, allowing for timely measures to strengthen security protections and improve the system's safety and stability.

  • It helps enterprises and users understand the security performance of IoT device hardware and related services, enabling them to select safer and more reliable devices, mitigate security risks, and protect personal privacy and corporate confidential information.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
What is the UL998 Testing Process for Household Hu What is the UL998 Testing Process for Household Hu
07 .18.2026
To list humidifiers on US platforms, compliance with the UL998 testing standard is mandatory for saf...
Children's Rubik's Cube US CPC Certification Stand Children's Rubik's Cube US CPC Certification Stand
07 .18.2026
Exporting children‘s Rubik‘s cubes to the US requires a CPC. JJR LAB provides testing for core stand...
US Magnet Products 16 CFR 1262 Regulation GCC Cert US Magnet Products 16 CFR 1262 Regulation GCC Cert
07 .18.2026
US CPSC mandates a GCC for magnet products via 16 CFR 1262 or ASTM F963 standards (flux <50 kG²mm...
Required Certifications for EU Balloon Exports: EN Required Certifications for EU Balloon Exports: EN
07 .18.2026
Exporting balloons to the EU requires CE marks. JJR LAB provides complete EN71-1, EN71-2, EN71-3, an...
Amazon Canada Baby Bottles and Teats SOR/2016-180 Amazon Canada Baby Bottles and Teats SOR/2016-180
07 .18.2026
JJR LAB provides compliance testing for Amazon Canada baby feeding products (SOR/2016-180 for nipple...
Global Export Certification Standards for Electric Global Export Certification Standards for Electric
07 .17.2026
Exporting electric fans globally requires CE, FCC, UL, and CCC certifications. Key standards: IEC/EN...
U.S. CPSC Consumer Product Standards & Require U.S. CPSC Consumer Product Standards & Require
07 .17.2026
US CPSC regulations ensure consumer product safety through strict test standards like 16 CFR and AST...
US Baby Diaper Changing Table ASTM F2388-21 / 16 C US Baby Diaper Changing Table ASTM F2388-21 / 16 C
07 .17.2026
To sell US baby diaper changing tables on Amazon, products must pass ASTM F2388-21 and 16 CFR 1235 s...

Leave Your Message