Internet-connected product manufacturers: Are you ready for the EU’s new Radio Equipment Directive cybersecurity requirements?

The clock is ticking for manufacturers of internet-connected devices. From 1 August 2025, the EU’s enhanced cybersecurity requirements under the Radio Equipment Directive (RED) will become mandatory. These changes may necessitate compliance with the new EN 18031 standards, which focus on network protection, data security, and fraud prevention.

Failing to comply doesn’t just mean missing a box on a checklist—it could mean losing access to one of the world’s largest markets. With time running out, manufacturers must act now to secure their place in the EU market and ensure compliance with the new RED cybersecurity requirements.

Understanding the RED and EN 18031 standards

The Radio Equipment Directive ensures the safety, performance, and interoperability of wireless devices in the EU. The introduction of the EN 18031 standards represents a significant shift towards prioritising cybersecurity, addressing three critical areas:

1. Network protection: Devices must not disrupt networks or misuse resources.
2. Data protection: Safeguards must protect personal data and user privacy.
3. Fraud prevention: Mechanisms must exist to prevent unauthorised transactions.

These measures apply to a wide range of product categories, including:

• Consumer electronics such as smartphones, tablets, and wearables.
• IoT and smart devices like connected home systems and industrial equipment.
• Payment and financial devices, including wireless payment systems.
• Digital and connected fire equipment, such as IoT-enabled alarms and lighting.
• Entertainment and educational products, including gaming consoles and e-readers.
• Transportation and safety devices like vehicle telematics and keyless entry systems.
• Communication and networking devices, such as Wi-Fi routers and Bluetooth hubs.

Manufacturers in these categories must ensure their devices meet the required standards to maintain market access.

Why manufacturers can’t wait

While the EN 18031 standards were published in August 2024, the harmonisation process is still ongoing. Waiting for full harmonisation could leave manufacturers with only a narrow window to prepare—potentially as little as six months before the compliance deadline.

For organisations with extensive product lines, this timeline could become unmanageable. Prioritising certain products for compliance while delaying others may be the only viable solution for those who act late. Compliance involves detailed risk assessments, testing, and documentation—none of which can be rushed to meet the new cybersecurity requirements.

Steps manufacturers must take now

To stay ahead of the 1 August 2025 deadline, manufacturers should:

1. Identify products in scope: Assess your product portfolio to determine which products fall under the RED’s cybersecurity requirements.
2. Conduct risk assessments: Update or create assessments focusing on network security, data protection, and fraud prevention.
3. Determine applicable standards: Identify which parts of EN 18031 apply to your products.
4. Test early: Conduct gap analyses and conformity testing to uncover and address non-compliance issues.
5. Engage market access experts: Work with experienced partners, such as BSI, to navigate the compliance process.
6. Prepare documentation: Ensure technical files and declarations of conformity are ready for CE marking.

How BSI can support your compliance journey

With decades of experience in product testing and certification, BSI is at the forefront of helping manufacturers meet the EU’s evolving requirements. As experts in product cybersecurity testing, including testing to standards such as EN 303 645 and EN 18031, BSI offers:

• Conformity testing: Rigorous evaluations to ensure compliance.
• Gap analysis: Identification and resolution of non-compliance areas.

BSI’s advanced laboratories and global presence ensure manufacturers can achieve RED compliance efficiently, securing their position in the EU market.

Secure your market access with BSI’s guide

The journey to RED compliance can be complex, but BSI’s comprehensive guide simplifies the process. Our guide includes detailed information on EN 18031 requirements, a thorough overview of product ranges expected to require RED testing, and a RED readiness checklist to help you assess your products and streamline compliance.

Don’t wait—download the guide today and take the first step towards securing your EU market access before the 1 August 2025 deadline.

Download BSI’s RED guide and readiness checklist and visit our dedicated webpage.