In the new era of the Internet of Everything, IoT devices have become an indispensable core carrier for production and daily life. Internet of Things (IoT) technology is developing rapidly and is steadily penetrating a wide range of industries. However, because IoT devices commonly have limited resources and lack security protection mechanisms, they easily become targets of cyber attacks, which may lead to security problems such as data leakage, equipment failure, and network intrusion.
Countries around the world attach great importance to the security of IoT devices and are actively planning for it. This includes promoting IoT security legislation as well as developing IoT security standards. Examples include the EU's RED Cybersecurity Directive, the United Kingdom's PSTI regulation, and Singapore's Cybersecurity Labelling Scheme.
With regard to the EU RED Cybersecurity Directive, since the EU released the draft EN 18031 series of standards in 2023, the laboratory has interpreted the content of the standard in depth for the first time, formulated test plans, held in-depth discussions and research with a number of manufacturers and EU Notified Bodies, carried out thorough testing and verification of IoT device products, and accumulated rich testing experience.
At present, CTTL-T has completed thorough testing and verification of a certain IoT device product and is able to test against the EN 18031 series of standards. It can provide enterprises with cybersecurity testing services for products exported to the EU, as well as professional cybersecurity technical interpretation and training services, helping enterprises complete design verification in the field of cybersecurity and successfully pass RED certification.
In addition, CTTL-T has testing capabilities for other international cybersecurity certifications, such as the United Kingdom Product Security and Telecommunications Infrastructure Act (PSTI). We will continue to give full play to our advantages in pan-terminal and network security testing and evaluation, jointly improve the security capabilities of IoT devices, and accelerate the iteration and updating of security protection technologies, in keeping with the rapid development of the IoT industry and to help domestic enterprises enter the global market smoothly.
If you would like to consult about the EN 18031 series of standards for cybersecurity testing and certification, please contact us!
Contact:
Wang Yulong 17778102657
wangyulong@caict.ac.cn
Appendix: Introduction to the EN 18031 series of standards
(1) The time and background of the standard release
In January 2022, the EU published the Supplementary Delegated Bill 2022/30/EU in its Official Journal (OJ), introducing compliance requirements under Article 3.3(d), (e) and (f) of RED 2014/53/EU. The law, which will be mandated from August 1, 2025, aims to improve the cybersecurity of wireless devices, protect the privacy of personal data, and reduce the risk of fraud.
At the end of August 2024, the European standards organization CEN officially released the EN 18031 series of standards. The series is divided into three parts, EN 18031-1, EN 18031-2 and EN 18031-3, which correspond to the requirements of (d), (e) and (f) of Article 3(3) of the RED Directive, respectively.
(2) Product scope/standard content
The Enabling Act 2022/30/EU covers devices that can communicate via the Internet, either directly or indirectly through other devices, and radio equipment that may expose sensitive personal data.
The specific regulatory provisions correspond to the following product ranges:
3.3 (d): Equipment related to network protection
3.3 (e): Radio equipment that processes personal data, traffic data or location data
3.3 (f): Radio equipment that enables the holder or user to transfer money, monetary value or virtual currency as defined in Article 2 (d) of the EU Directive 2019/713
The EN 18031 series of standards is divided into three parts:
1. EN 18031-1: General safety requirements for radio equipment – Part 1: Internet-connected radio equipment.
2. EN 18031-2: General safety requirements for radio equipment – Part 2: Radio equipment that processes data, i.e. Internet-connected radio equipment, child care radio equipment, toy radio equipment and wearable radio equipment.
3. EN 18031-3: General safety requirements for radio equipment – Part 3: Internet-connected radio equipment that deals with virtual currency or monetary value.
The standard sets requirements for products in four areas: security assets and threats, network assets and threats, privacy assets and threats, and financial assets and threats.
The requirements of the EN 18031 series of standards and the details of the evaluation criteria and the number of tier requirements will vary as follows: