The EU will introduce a new version of the EN 18031 standard on August 30, 2024, aimed at enhancing the cybersecurity of radio equipment. Developed by the CEN-CENELEC JTC 13/WG 8 working group, this standard encompasses three parts to address the core security requirements of radio devices. Here are the detailed aspects of the EU cybersecurity standard:
Standard Preparation Status
The preparation of the EN 18031 standard is nearing completion, currently in the final voting stage, expected to conclude on July 5, 2024. Throughout the drafting process, the committee received over 3,000 comments by the end of 2023. These comments were processed within 13 weeks. Additionally, the working group held multiple meetings and editing sessions to ensure the quality and completeness of the standard. Finally, the committee prepared the final draft for voting and adoption.
Expected Launch Date
The official text of the standard is expected to be published on August 30, 2024. This will provide manufacturers and other stakeholders with 11 months to assess and implement the requirements to comply by the effective date of August 1, 2025.
Standard Structure
The EN 18031 standard is divided into three parts:
FprEN 18031-1: General security requirements for network-connected radio equipment.
FprEN 18031-2: General security requirements for data-processing radio equipment (e.g., network-connected radio devices, childcare equipment, toy devices, and wearable devices).
FprEN 18031-3: General security requirements for network-connected radio equipment handling virtual currency or monetary value.
Summary of Standard Content
The new EN 18031 standard covers several key security mechanisms, including:
Access Control Mechanism (ACM)
Authentication Mechanism (AUM)
Secure Update Mechanism (SUM)
Secure Storage Mechanism (SSM)
Secure Communication Mechanism (SCM)
Logging Mechanism (LGM)
Deletion Mechanism (DLM)
User Notification Mechanism (UNM)
Resilience Mechanism (RLM)
Network Monitoring Mechanism (NMM)
Traffic Control Mechanism (TCM)
Cryptographic Key Mechanism (CCK)
General Equipment Capabilities (GEC)
Cryptography (CRY)
These mechanisms aim to ensure the security of radio devices, covering various aspects from access control and authentication to secure communication and storage. Each mechanism includes specific requirements and evaluation criteria to ensure the devices can withstand various cyber threats.
Moreover, the standard emphasizes the requirements for technical documentation, the application of decision trees, and the introduction of implementation categories, all of which contribute to improving the applicability and effectiveness of the standard.
(Source: CEN/CLC/JTC 13/WG 8 - REDCA update, 2024-05-17)
Comments