Answer
To comply with the cybersecurity requirements outlined in Articles 3.3 (d), (e), and (f) of the Radio Equipment Directive (RED), manufacturers should focus on the following key areas:
- Network Protection (Article 3.3(d)):
Ensure that radio equipment does not harm the network or its functioning, nor misuse network resources, thereby preventing unacceptable degradation of service. - Data Protection and Privacy (Article 3.3(e)):
Implement safeguards to protect personal data and user privacy during communication. - Fraud Prevention (Article 3.3(f)):
Incorporate measures to reduce the risk of fraud, particularly in devices handling monetary transactions.
The EN 18031 series of standards, comprising EN 18031-1, EN 18031-2, and EN 18031-3, provides a foundational framework for addressing these requirements:
- EN 18031-1: General cybersecurity requirements for internet connected Radio Equipment.
- EN 18031-2: Specific requirements related to internet connected Radio Equipment that is passing personal data, or Radio Equipment that is wearable or child’s toy.
- EN 18031-3: Requirements for internet connected Radio Equipment that is passing data of monetary value.
While EN 18031 serves as an important basis for achieving compliance, it is not yet harmonized under RED, meaning manufacturers will need to work with Notified Bodies for conformity assessments. These standards provide detailed guidance on what needs to be implemented for RED Article 3.3 compliance.
For detailed instructions on aligning your products with EN 18031, manufacturers can refer to the standards directly or consult with a Notified Body to ensure all specific requirements are addressed. Relevant updates on harmonization and additional compliance resources can also be accessed through the European Commission's website:
Radio Equipment Directive - European Commission
By integrating EN 18031 into product development processes and working closely with conformity assessment bodies, manufacturers can meet RED cybersecurity requirements effectively.