What is EN 18031 Cybersecurity?

What is the en 18031 Cybersecurity Standard?

Starting from August 1, 2025, the EU will enforce the EN 18031 standard mandatorily. All connected radio equipment must pass triple certifications for cybersecurity, privacy protection, and anti-fraud; otherwise, their sale will be prohibited. Ranging from smartphones to payment terminals, the EN 18031 standard has become an indispensable pass to access the European market. It is not only a technical specification but also the core embodiment of meeting the cybersecurity clauses in the CE-RED Directive.

01 Standard Meaning

EN 18031 is a harmonized cybersecurity standard formULated by the EU under the framework of the CE-RED Directive for radio equipment (especially products with encryption functions). Its core purpose is to ensure that wireless devices put on the EU market have strong data protection capabilities and cybersecurity resilience, safeguarding user privacy and network integrity.

02 Applicable Products

This standard mainly applies to all radio equipment that requires CE-RED certification and involves data processing, especially:

①　Wireless communication devices: such as 4G/5G terminals, Wi-Fi routers, Bluetooth devices

②　Internet of Things (IoT) products: such as smart home devices, smart wearable devices, industrial IoT sensors

The table below clearly lists their applicable conditions for your quick reference:

03 Scope of Applicable Products

The EN 18031 standard applies to all radio equipment with wireless connection functions that involve data processing or financial transactions.

It specifically includes the following three categories:

Connected Devices

①　Consumer electronics: smartphones, tablet computers, smart watches, Bluetooth speakers, Wi-Fi routers

②　Smart homes: connected refrigerators, air conditioners, cameras, voice assistants (e.g., Amazon Echo)

③　Vehicle-mounted devices: vehicle infotainment systems, remote control modules, autonomous driving components

④　Industrial IoT: sensors, RFID tags, industrial gateways

Privacy Data Devices

①　Children's devices: baby monitors, smart toys (e.g., dolls with voice interaction)

②　Wearable devices: fitness trackers, medical bracelets

③　Mobile terminals: TWS earphones, portable hotspots

④　Security devices: home cameras, GPS trackers

Financial Transaction Devices

①　Payment terminals: POS machines, ATMs

②　Cryptocurrency devices: cold wallets, virtual currency transaction terminals

③　Financial service devices: smart card readers that support fund transfers

Special Notes

①　EN 18031-3: For financial products applicable to EN 18031-3, regulations require third-party evaluation by a notified body instead of relying solely on self-declaration.

②　Exemption situations: Some product categories are explicitly exempted, mainly including devices governed by other specific regulations, such as medical devices, aviation equipment, certain vehicle emergency systems, and road toll systems.