EN 18031-2:2024
(NABL-Accredited Security Testing for Internet-Connected Radio Equipment)
Overview
EN 18031-2:2024 defines cybersecurity requirements for radio equipment that processes personal data, traffic data or location data, including but not limited to: internet-connected radio devices, radio equipment designed or intended exclusively for childcare, toys, and wearable radio equipment.
These requirements align with the RED cybersecurity essential requirement under Article 3(3)(e): “radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected.”
Manufacturers whose products fall into this category must address these cybersecurity aspects ahead of the compliance deadline (1 August 2025).
DeltaPhi Labs offers comprehensive testing services including gap analysis, clause-based evaluation, evidence generation, and technical documentation support tailored for EN 18031-2:2024.
Devices Covered
Internet-connected radio devices that process personal data or location/traffic data
Childcare radio equipment and toys with network connectivity
Wearable radio devices (fitness trackers, smart watches, personal monitoring devices)
Consumer gateways and IoT devices handling user data
Any radio equipment with wireless connectivity intended for EU market that processes personal or associated data
Compliance Standards
Our Testing aligns with
EN 18031-2:2024 – Common Security Requirements
Directive 2014/53/EU (RED) Article 3(3)(d)(e)(f)
ETSI EN 303 645 – Baseline IoT Security
ISO/IEC 27001 – Information Security Management
Related data protection regulations applicable at EU level
Key Benefits
Reduce Risk – Protect your business by hardening Radio Device against cyberattacks
Fast-track testing timelines for manufacturers with launch deadlines
Enhanced Security Posture – Strengthen resilience against exploits, fuzzing, and advanced threats
Full coverage of EN 18031-2 security clauses
Testing and evidence generation suitable for Notified Body or self-declaration
Global Visibility – Standards-aligned testing increases acceptance across international markets
Why Choose Deltaphi Labs?
NABL-accredited and officially recognized security testing laboratory
Fast-Track Testing – Accelerated timelines for OEMs under market pressure
Expertise in EN 18031-1, EN 18031-2, EN 18031-3 and RED cybersecurity
Trusted by Industry – Supporting device vendors, ISPs, and telecom operators for compliance
Clause-wise mapping and regulator-aligned reporting
FAQs – EN-18031-2 Certifications
Q1. Which devices require EN 18031-2 testing?
Radio equipment that processes personal data, traffic or location data — including internet-connected devices, toys, childcare equipment, wearables and consumer IoT products.
Q2. When does EN 18031-2 compliance become mandatory?
The cybersecurity requirements under RED (Article 3(3)(e)) become mandatory from 1 August 2025. EN 18031-2 provides technical guidance to demonstrate compliance.
Q3. What security areas are covered by EN 18031-2?
Access control, authentication, data protection (personal/traffic/location), secure updates/storage, resilience, parental/guardian control where applicable.
Q4. What additional security areas are covered?
Advanced authentication, data protection, cryptography, logging, and resilience for sensitive use cases.
Q5. How long does testing take?
Typical project timelines range from 8 to 10 weeks, depending on product complexity. Fast-track options are available.
Get a Quote – Fast-Track Your Certification
Without EN 18031-2 compliance, devices cannot be CE-marked or legally placed on the EU market.
Deltaphi Labs helps you:
Get quick quotations based on device type and features
Accelerate certification timelines with streamlined test processes
Complete compliance evidence for CE/RED submissions
Contact us today to get a quote and secure your ITSAR certification — ensuring your Radio Device are compliant, resilient, and ready for operator deployment.