The new EN 18031 set of standards which are needed to demonstrate conformity to the upcoming IoT cyber security laws in RED, have finally been cited (with restrictions) in the OJEU* meaning that they can go a long way to provide a presumption of conformity to the RED cyber security articles 3.3 d, e, and f once the product has been tested against them.
This comes after months of discussions between the EC and standards body CEN/CENELEC whose industry working groups (which includes SafeShark), created the standards.
However, not all the comments that the EC raised as concerns regarding the EN 18031 standards could be resolved during the discussions which means the standards have some restrictions and cannot fully be taken as providing conformity depending on the product.
These restrictions relate to categories such as password strengths, parental or guardian access controls, and in the case of 18031-3 for products that support financial transactions, assessment criteria of secure updates. The full details of the implementation decision can be read here.
As such, a Notified Body will be required to sign off any elements of the product test results that relate to the restrictions, which in the case of 18031-3 will be likely mean all products.
For 18031-1 and 18031-2 it will be required to check whether the restrictions apply to the product under test and therefore whether a Notified Body assessment will be required.
SafeShark can test all the EN 18031 standards at our Central London test lab and works with Notified Body KL Certification to provide you with clear and accurate guidance as to whether Notified Body certification is required.
Due to our unique automated cyber security test platform, templates for completing pre-test information, example documents for a typical IoT device, and detailed knowledge of the standards, our test service is fast, efficient, and cost effective.
Book your product in for testing today and ensure you're ready for RED cyber security which comes into effect on the 1st Aug 2025
*The OJEU is the Official Journal of the EU which is essentially an index of standards that can be tested against to demonstrate conformity to the various articles of RED which cover criteria such as health and safety, EMC, RF and spectrum, and from 1st Aug 2025 - cyber security
