NEW CYBER SECURITY REQUIREMENTS in the European Union
Why Cyber Security?
There are many reasons why cyber security is important, for example:
- Protection of sensitive data
- Protection of personal privacy
- Prevention of financial loss
The European Commission therefore decided many years ago that devices connected to the internet must fulfil specific cyber security requirements in the European Union.
When will it become applicable?
The Cyber Security requirements (RED Article 3.3) will become applicable on
1 August 2025
This date has already been postponed several times, but now it seems final.
Don’t wait, start now!
BlueQ Services is your reliable partner and will guide you through the assessment process.
Which devices are affected?
ANY Device which is connected to the internet (direct or indirect)
The definition of devices per the RED includes devices that are internet connected or devices that process data with connectivity, such as:
- 2G/3G/4G/5G-enabled devices
- Wi-Fi-enabled devices
- Bluetooth®-enabled devices
- Radar equipment
- Televisions and radio receivers
- RFID devices
What are the requirements?
Radio Equipment Directive (2014/53/EU)
Article 3 - Essential requirements
Article 3.3
(d) Radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service;
(e) Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;
(f) Radio equipment supports certain features ensuring protection from fraud.
Which Standards can be used?
We recommend using EN 18031 and its related parts:
EN 18031-1: Common security requirements for radio equipment
Internet connected radio equipment
EN 18031-2: Common security requirements for radio equipment
Radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment
EN 18031-3: Common security requirements for radio equipment
Internet connected radio equipment processing virtual money or monetary value
What is the assessment procedure to comply with Article 3.3 d, e, f?
Why do I need a Notified Body assessment?
EN 18031-x is the most suitable standard, although it has not yet been harmonized by the European Commission.
This means that you need a Notified Body assessment when following Module B as the assessment procedure once the standard is harmonized.
How do we support you?
Our experts support you throughout the consulting, preparation and testing phases. We help you with the risk assessment and determine which of Article 3.3 d, e or f are applicable to your device. We will guide you through the decision trees, which define the testing that will be needed later. Once all the information required by the decision trees is complete, we will perform the assessment and testing in our ISO 17025 accredited partner laboratories and apply for the Notified Body assessment on your behalf. Finally, you will receive the Type Examination Certificate, which allows you to sign your CE Declaration of Conformity.
Cyber Security
Radio equipment
- does not harm the network or its functioning nor misuse network resources (Article 3.3d)
- incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected (Article 3.3e)
- supports certain features ensuring protection from fraud (Article 3.3f)
Standard | Description | Applicability |
---|---|---|
EN 18031-1 | Common security requirements for radio equipment - Part 1: Internet connected radio equipment | All Radio Devices connected to the internet (direct or indirect) |
EN 18031-2 | Common security requirements for radio equipment - Part 2: radio equipment processing data, namely Internet connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment | All Radio Devices connected to the internet AND storing or handling private data |
EN 18031-3 | Common security requirements for internet connected radio equipment where that equipment enables the holder or user to transfer money, monetary value or virtual currency. This document provides technical specifications for radio equipment processing virtual money or monetary value, which apply to electrical or electronic products that are capable of communicating over the internet, regardless of whether these products communicate directly or via any other equipment. | All Radio Devices connected to the internet AND supporting any money, monetary or virtual currency transactions |