Skip to content
Search our site  
    June 18, 2024

    CE marking cybersecurity - The new standard

    Ever since EU announced that the Radio Equipment Directive would implement cybersecurity as a mandatory requirement for CE marking from 1 August 2024, the big question has been whether a standard would be published in time.
    Despite big effort of CENELEC it became clear that the original publishing date of December 2023 would not be obtained. Following this the date of the standard was delayed to 30 June 2024 and the RED implementation to 1 August 2025.
    Again, the 30 June 2024 date has been postponed to 30 August 2024, but this time it is expected to stand firm.

    The new standard is here?

    On May 2024 the final draft of the standard series EN 18031 was issued and sent to the member states for voting. It is now expected to be published without any changes by 30 August. This means that developers, compliance managers, retailers and others finally will have a European standard specifically addressing the RED.

    The EN 18031 series

    The cybersecurity requirements of RED are divided into 3 main parts, each being addressed by one standard in the EN 18031 series:

    Protection of Network  RED article 3.3 (d EN 18031-1
    Privacy RED article 3.3 (e EN 18031-2
    Monterey fraud RED article 3.3 (f EN 18031-3

    EU – the final obstacle

    However, even after the EN 18031 series has been published, there is till one more issue – EU.

    In order for a standard to be used to demonstrate compliance to a directive, it is to be approved by EU as a standard meeting the essential requirements of the Directive, and to be listed in the and listed in the EU Official Journal (OJ). Now, representatives from EU have in meetings with the RED Notified Bodies ensured that they will do all their powers to have the standards ratified as soon as possible. They are working in parallel with the ongoing voting process to reduce the time and they were optimistic as to a final stamp of approval shortly after the publishing date of the standard.

    So, what now?

    Both Notified Bodies and manufacturers are clear that the standard will be put into use as soon as it is published – and many have already started using the standards. There is of course a chance that the EU consultants will have some alterations made in the harmonized standards, but any such changes are expected to be minor, and that this delta can be solved separately.

    Nemko has experience both with EN 18031 already as well as long experience with the standard most used today ETSI EN 303 645 and is also a RED Notified body.


    Are your products within the scope of RED?

    Book a free online meeting  with a cybersecurity expert, and we’ll help you find out.



    Geir Hørthe

    Geir Hørthe is responsible for the Nemko cyber security initiative. He has worked at Nemko for more than 30 years, in the capacity of test services, lab manager of safety, ATEX and medical departments. He has also been Managing Director at the Nemko office in London for two years. After he returned to Norway, he held...

    Other posts you might be interested in