What EN 18031 Means for Manufacturers Navigating the Radio Equipment Directive

What Is EN 18031 and Why Does It Matter Now?

EN 18031 was harmonized under the Radio Equipment Directive (RED) in March 2025, introducing a new compliance benchmark for manufacturers of wireless-enabled products in the EU. It expands focus beyond emissions to include receiver performance under interference, making it a pivotal update for anyone working with short-range radio devices, IoT systems, and embedded RF modules.

EN 18031 supports Article 3(3) of RED, aimed at ensuring efficient spectrum use and receiver robustness, particularly in dense or mission-critical environments. The standard was formally listed in the Official Journal of the European Union in January 2025, giving it harmonized status. and triggering a likely 12-month transition window. Manufacturers should verify the exact timeline through official EU channels or directly with their Notified Body (NB).

What Has Changed in the Radio Equipment Directive?

Compared to legacy standards like EN 301 489-1 and -17, EN 18031 introduces:

• Mandatory receiver sensitivity and blocking tests

• Increased focus on coexistence in shared spectrum

• Expanded technical file documentation

• Risk analysis integration under Annex I of RED

This reflects a broader shift in RED: manufacturers must now prove devices work reliably in crowded radio conditions — not just that they don’t emit harmful interference.

Who Is Affected by the New Standard?

EN 18031 applies to a wide range of internet-connected radio equipment marketed in the EU, including:

• Consumer IoT (e.g., smart plugs, thermostats)

• Industrial wireless sensors and HMIs

• Bluetooth- and Zigbee-enabled modules

• Connected healthcare monitors

• Smart home and building automation systems
  

If your product integrates a transceiver and operates within common frequency bands, you will likely need to demonstrate EN 18031 compliance.

Core Compliance Requirements of EN 18031

To meet the new standard, manufacturers must show:

• Receiver performance against adjacent-channel interference

• Control of spurious emissions and harmonics

• Justified risk mitigation strategies

• Functional validation under real-world interference scenarios
  

These requirements go beyond emissions and immunity — they require documented performance in adverse RF environments.

Overlap with EMC Testing and EN 301 489-1/-17

EN 18031 doesn’t replace EN 301 489 standards — it adds to them.

• EN 301 489-1/-17 remain essential for generic EMC compliance

• EN 18031 introduces functional receiver performance expectations
  

For full RED conformity, products must be tested to both. GME can help you integrate these test scopes effectively during development. Specifically, GME partners with XtraByte Consulting, LLC, a software development and testing company with the ability to provide penetration tests, crypto implementation checks and exploit replications to for cybersecurity audits.

For background on how emissions and immunity standards differ, see our technical comparison of EMI vs. EMC.

What Are Manufacturers Saying About the Transition?

We asked one of our wireless manufacturing clients how EN 18031 is shaping their compliance strategy:

Manufacturers are indicating the importance now of “baking mandatory threat modelling, security-by-design controls and detailed technical documentation into their compliance roadmaps from the earliest stages of development.”

From a test laboratory approach, we need to get ready to reorganize plans around EN 18031’s cascade-style decision trees and attack scenarios—shifting from generic functional checks to targeted penetration, privacy and fraud-resilience trials that mirror real-world threat paths.

In particular, we’ll rely heavily on our trusted partner, XtraByte Consulting, LLC, to complement GME’s capabilities with deep-dive cybersecurity analysis and tooling — especially for advanced RED Article 3.3 requirements.

How to Prepare for EN 18031 Compliance

To get ahead of this shift:

• Review your product portfolio for radio-enabled SKUs

• Conduct a gap analysis against EN 18031 requirements

• Update test plans to include blocking/immunity scenarios

• Refresh technical files with new documentation elements

• Work with labs that can test both EN 301 489 and EN 18031 criteria

• Work with labs and Notified Bodies to ensure readiness, especially where harmonized standards are still pending or evolving

GME is actively guiding clients through this exact process — with fast turnaround and engineer-to-engineer support.

What About Ongoing Cybersecurity Maintenance?

In addition to meeting EN 18031 receiver performance criteria, manufacturers must now demonstrate proactive cybersecurity safeguards under RED Articles 3.3 (d), (e), and (f). These include:

• Protecting personal data handled by the radio equipment

• Preventing unauthorized access or control over devices

• Minimizing fraud risks in wireless communications

Even after certification, products must support ongoing software updates and risk monitoring to maintain compliance — and one that’s emphasized in the European Commission’s RED compliance guidance, especially for connected devices subject to Article 3.3 security requirements.

What Surprised Manufacturers in Their EN 18031 Gap Reviews?

The transition isn’t always predictable. We asked our client what unexpected challenges came up during their compliance audits — and several recurring paint-points have surfaced when running an EN 18031 gap review. The most prominent include:

• “Publicly-known exploitable vulnerability” test is murky – Teams struggle to decide when a CVE crosses the EN 18031 threshold and to maintain a living SBOM/HBOM accurate enough for continuous screening.

• Legacy products lack secure-update hooks – Bringing fielded devices into scope often demands adding secure bootloaders, signed OTA update paths and key-management procedures that were never budgeted for in the original design.

• Documentation depth – The standard demands threat-model narratives, risk justifications and vulnerability-treatment logs that go well beyond typical technical files. Many firms only uncover these gaps late in the review.

• Scope creep from “indirect internet connection” – Devices that only talk via BLE/Zigbee to a gateway are still in scope. This has caught marketing and compliance off-guard, forcing unplanned extra product lines into the review.

Why Early Testing Matters for EN 18031

Receiver performance issues are often invisible until final testing. Waiting too long can mean:

• Delays from failed blocking or coexistence tests

• Expensive board or firmware changes

• Lost launch opportunities

As highlighted in our guide to early-stage RF testing, incorporating these checks into the design phase saves both time and money.

How Are Companies Interpreting the Harmonization Timeline?

Manufacturers are now navigating the shift from older standards to EN 18031. We asked our client how they’re planning the transition and what they’re hearing from labs or Notified Bodies:

As of August 1, 2025, the RED cyber clauses with restrictions — covering password use, parental control, reliance on guidance notes, and any device that handles monetary value — will become mandatory for all radio equipment placed on the EU market.

Additional “edition 2” amendments to EN 18031 and EN 18035 are being drafted to clarify or narrow these restrictions, with a Q4 2025 CEN vote tentatively expected and an OJEU citation likely in early 2026.

Notified Bodies point out that teams may still self-declare under EN 18031 — but only if they can fully document how their design avoids the four restricted clauses. In those cases, presumption of conformity still applies under the RED.

However, if any of the restricted clauses apply, manufacturers must include penetration testing, parental-control validation, and a full NB certificate under RED Article 3(3)(d)–(f) as part of their technical file.

TÜV SÜD notes that “with restrictions” means many IoT and payment devices still need NB review, and urges companies to book slots early to avoid a pre-deadline bottleneck. Similarly, REDCA recommends budgeting six to eight weeks for the NB review cycle.

Essentially, EN 18031 is now usable for self-declaration — but only if your design sidesteps the four restricted clauses. Otherwise, a Notified Body is still required, and every NB is signaling that lead times will tighten as the August 1, 2025 deadline approaches.

Experts recommend starting EN 18031 programs with scoping workshops, SBOM clean-ups and an early Notified Body pre-assessment — before any lab time is booked.

What Other Regulations Should You Watch?

While EN 18031 focuses on radio receiver performance, it's part of a broader regulatory evolution in the EU. Manufacturers should be tracking:

• The EU Cyber Resilience Act, which will introduce horizontal requirements for connected device security across all sectors

• Updates to RED cybersecurity mandates, especially once harmonized standards are published

• Growing emphasis from Notified Bodies on risk-based documentation and cyber-physical threat modeling

These frameworks reinforce a shift from static testing to continuous assurance — and GME is already supporting clients in aligning their testing plans accordingly.

Turning Compliance into a Strategic Advantage

EN 18031 isn't just a new line in the RED — it's a shift in how the EU defines product readiness. By focusing on receiver functionality under real-world interference, it raises the bar for wireless reliability and performance.

Manufacturers who act early can reduce redesign costs, accelerate launches, and position their products as trusted, resilient, and future-ready. That’s not just compliance — it’s market leadership.

If you're ready to test your next radio-enabled product to EN 18031, GME's accredited lab and expert engineers are here to help. 

Schedule a Compliance Review Today