As digital connectivity becomes standard across everyday products—from smart toys to wearables to payment systems—cybersecurity is no longer optional. It’s essential. And starting August 1, 2025, it becomes mandatory for many products sold in the European Union.
The European Union’s Delegated Regulation (EU) 2022/30 formally enforces key provisions of the Radio Equipment Directive (RED) 2014/53/EU, with a particular focus on Articles 3.3(d), (e), and (f). These new cybersecurity requirements are designed to ensure:
- Protection of networks from harmful interference or misuse,
- Safeguarding of personal data and user privacy
- Prevention of fraud and abuse—especially in payment-enabled devices.
Which Products Are Affected?
This isn’t a narrow regulation. If your product includes radio functionality and connects directly or indirectly to the internet, you’re likely within scope. The affected categories include:
- Internet-connected consumer devices
- Smart childcare and toy products
- Wearables
- Virtual payment and transaction equipment
If you manufacture or distribute connected devices in these categories, compliance is not just a best practice, it’s a legal requirement starting next summer.
Understanding EN 18031: The New Harmonized Standard Series
To support manufacturers in demonstrating compliance, the EU published the EN 18031 standards series in early 2025. These standards are now the benchmark for:
- Secure network behavior (EN 18031-1),
- Protection of personal data and privacy (EN 18031-2),
- Fraud prevention in payment-related equipment (EN 18031-3).
Applying these standards grants a presumption of conformity with RED’s cybersecurity requirements, simplifying the path to CE marking.
Notified Body Interpretation & Support
Notified Bodies (NBs) play a critical role in helping manufacturers navigate the compliance pathway—especially when harmonized standards are not applied in full. NBs evaluate product risk, assess cybersecurity protections, and validate conformity for CE marking. Understanding how different bodies interpret the standards can be the key to a smooth market entry.
Where to Start: From Cyber Forms to Phase 1 Evaluation
For many, the process begins with a Phase 1 Cybersecurity Evaluation. This is a structured review of your product’s security posture, radio architecture, software behaviors, and data pathways. Completing the required Cyber Forms initiates this process, and helps map out any required mitigation or design changes well ahead of the enforcement date.
Taking a Secured & Assured Approach
With the August 2025 deadline approaching, the window for proactive planning is now. Working with experienced cybersecurity testing partners can make all the difference in ensuring a successful and stress-free assessment process.
Eurofins Electrical & Electronics has deep experience interpreting RED requirements and supporting manufacturers through every stage of assessment, from early design consultation to final CE marking. If you’re unsure where your product stands or how to begin the compliance process, connecting with a Eurofins engineer can help you navigate your next steps with confidence.
Want to learn more about RED Cybersecurity and EN 18031? Connect with one of our experts.