EU EN 18031 Service Organization

The essential requirements specified in Articles 3.3(d), 3.3(e), and 3.3(f) of Directive 2014/53/EU mandate cybersecurity, personal data privacy, and fraud protection for applicable wireless equipment on the EU market.

The objective is to ensure a higher level of cybersecurity for such devices and enhance consumer confidence.

This requirement will become mandatory on August 1, 2025. Wireless equipment that does not meet the requirements will be prohibited from entering the EU market.

Scope of Products Covered by the Directive:

1.        Article 3.3(d):Internet-connected wireless equipment, such as mobile phones and tablets.

2.        Article 3.3(e):Devices capable of processing personal data, traffic data, and location data:

- Internet-connected wireless equipment;

- Non–internet-connected wireless equipment: childcare devices, wearables, and wireless equipment covered by Directive 2009/48/EC (Toys).

- Article 3.3(f):Internet-connected wireless equipment with value transfer/payment functions, such as POS terminals.

en 18031 as a Harmonized Standard under the RED Directive:

- EN 18031-1:Requirements for Article 3.3(d) of Directive 2014/53/EU.

- EN 18031-2:Requirements for Article 3.3(e) of Directive 2014/53/EU.

- EN 18031-3:Requirements for Article 3.3(f) of Directive 2014/53/EU.

Limitations of EN 18031:

1. Default Passwords

 The standard allows products to be used without setting or using any password, which leaves authentication risks unresolved.

2. Children’s Toys and Monitoring Devices

 Access control methods such as role-based, discretionary, or mandatory access control may be incompatible with parental or guardian controls.

 If parental or guardian controls are not implemented, related authentication risks remain unresolved.

3. Financial Function Devices

 Four implementation categories are specified based on mechanisms such as digital signatures, secure communications, and access controls.

 Using any single method alone is insufficient to safeguard financial assets.

 The evaluation criteria do not adequately address authentication risks.

Compliance Pathways:

- Self-Declaration of Conformity:

Applicable when product assessment does not involve the limitations of the harmonized standard.

JJR Lab in China provides third-party testing services in accordance with EN 18031.

- Third-Party Conformity Assessment:

Required when product assessment involves the limitations of the harmonized standard.

JJR Lab in China offers third-party testing services in compliance with EN 18031.

Accreditation Achievement:

Our group’s laboratories have successfully passed the rigorous audit by the German certification body KL-Certification GmbHand have been officially authorized for the EU EN 18031 cybersecurity standard.