BS EN 18031-3-2024 PDF
Name in English:
STB BS EN 18031-3-2024
Name in Russian:
СТБ BS EN 18031-3-2024
Full title and description
BS EN 18031-3:2024 — Common security requirements for radio equipment — Part 3: Internet connected radio equipment processing virtual money or monetary value. This part of EN 18031 defines security and anti‑fraud measures for radio devices and systems that handle virtual currency, payments or other monetary value transfers.
Abstract
This standard specifies technical and organizational security requirements to reduce the risk of fraud and unauthorized transfer of monetary value by internet‑connected radio equipment. It addresses transaction integrity, authentication, secure key and credentials management, tamper protection, secure software/firmware update mechanisms, logging and audit, and measures to limit abuse or monetization by attackers while taking account of user privacy and usability.
General information
- Status: Current / Active (published as a British adoption of the EN text).
- Publication date: August 16, 2024 (BS edition published 2024).
- Publisher: BSI (as BS EN) — original EN text developed under CEN/CENELEC processes.
- ICS / categories: 33.060.20 (Receiving and transmitting equipment); 35.030 (IT security).
- Edition / version: 2024 (first published edition as EN part 3, adopted as BS EN 18031-3:2024).
- Number of pages: 190 pages (approx.).
Publication details and bibliographic metadata are given as published in national adoption catalogues and standards stores.
Scope
Part 3 of EN 18031 applies to internet‑connected radio equipment (devices, modules or systems) that process virtual money, monetary value or perform monetary transactions. The scope covers design and lifecycle requirements intended to prevent or mitigate fraud and theft of monetary value, protect transaction integrity, and provide mechanisms for secure updates, logging and recovery. The EN 18031 series is intended to support conformity with the Radio Equipment Directive (RED) cybersecurity requirements, particularly the provisions addressing fraud and monetary transactions under Article 3(3)(f).
Key topics and requirements
- Authentication and strong user/device identity management for transaction initiation and approval.
- Anti‑fraud controls: limits, transaction approval flows, anomaly detection and rate limiting.
- Secure key and credential management (storage, rotation, protection against extraction).
- Cryptographic requirements for confidentiality and integrity of monetary transactions.
- Secure boot, tamper resistance and detection for devices handling monetary value.
- Secure firmware/software update mechanisms with integrity verification and rollback protections.
- Logging, audit trails and evidence retention sufficient to support incident analysis and dispute resolution.
- Requirements to prevent unauthorized transfer of monetary value and minimize single‑point compromise risks.
- Privacy considerations when transaction or user data is processed; minimization and protection of personal data.
- Guidance on usability and failure modes to avoid unsafe or insecure transaction workflows.
Typical use and users
This standard is used when designing, assessing or certifying devices that process virtual money or monetary value. Typical users are manufacturers and designers of consumer and industrial radio equipment that perform or enable monetary transactions (for example IoT payment terminals, connected vending, wearable payments, gaming devices with in‑app monetary transfers), product security and compliance engineers, conformity assessment bodies, notified bodies, testing laboratories, procurement and risk teams, and certification managers.
Related standards
EN 18031-1 and EN 18031-2 (other parts of the EN 18031 series covering network protection and personal data/privacy respectively), ETSI EN 303 645 (consumer IoT security baseline), ISO/IEC 27001 (information security management), and industry payment security frameworks or regional payment regulations. EN 18031 is published as a harmonised standard to support RED conformity where applicable.
Keywords
EN 18031-3, BS EN 18031-3:2024, radio equipment security, payment security, virtual currency, anti‑fraud, IoT security, firmware update, transaction integrity, cryptographic key management, RED compliance.
FAQ
Q: What is this standard?
A: BS EN 18031-3:2024 is the British adoption of EN 18031‑3 (2024), which sets common security requirements for internet‑connected radio equipment that processes virtual money or monetary value, focusing on fraud prevention and secure transaction handling.
Q: What does it cover?
A: It covers design, implementation and lifecycle security measures for devices and systems that handle monetary transactions or virtual currency — including authentication, cryptography, tamper protection, secure updates, logging and measures to prevent unauthorized transfers of value.
Q: Who typically uses it?
A: Device manufacturers, security architects, compliance teams, test laboratories, notified bodies, and certification or regulatory teams responsible for market access in jurisdictions that reference EN standards for radio equipment.
Q: Is it current or superseded?
A: It is current. The EN 18031 series (parts 1–3) has been published and the suite has been adopted as harmonised standards supporting the Radio Equipment Directive; the EN 18031 series was listed in the EU Official Journal in early 2025 and is applicable under RED timelines for cybersecurity requirements. Manufacturers should confirm harmonisation status and any restrictive notes for specific product categories when claiming presumption of conformity.
Q: Is it part of a series?
A: Yes — EN 18031 is a multi‑part series. EN 18031‑1 and EN 18031‑2 cover complementary cybersecurity topics (network protection and personal data/privacy protection); Part 3 focuses on fraud and monetary‑value protection.
Q: What are the key keywords?
A: Virtual money, monetary value, anti‑fraud, radio equipment, IoT, payment security, transaction integrity, cryptography, secure update, logging, RED compliance.