BS EN 18031-2-2024 PDF

STB BS EN 18031-2-2024

Name in English:
STB BS EN 18031-2-2024

Name in Russian:
STB BS EN 18031-2-2024

Description in English:

Original standard BS EN 18031-2-2024 in PDF full version. Additional info + preview on request

Description in Russian:
Original standard BS EN 18031-2-2024 in PDF, full version. Additional info + preview on request

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
200 business days

SKU:
stbs13427

Choose Document Language:
€50

Full title and description

BS EN 18031-2:2024 — Common security requirements for radio equipment — Part 2: radio equipment processing data, namely Internet-connected radio equipment, childcare radio equipment, toys radio equipment and wearable radio equipment. This British adoption of the European standard defines baseline cybersecurity and data-protection requirements for radio devices that process personal, traffic or location data and that are capable of communicating over the internet (directly or via other equipment).

Abstract

Part 2 of EN 18031 specifies technical security and privacy measures for radio equipment that handles personal/traffic/location data — including requirements for authentication, secure communication, firmware integrity and update mechanisms, data protection safeguards, and protections against misuse of network resources. The document is intended to help manufacturers demonstrate conformity with updated Radio Equipment Directive requirements related to cybersecurity and data protection.

General information

  • Status: Current / Published.
  • Publication date: August 2024 (published as EN 18031-2:2024).
  • Publisher: British Standards Institution (BSI) — BS adoption of EN 18031-2 (origin: CEN).
  • ICS / categories: 33.060.20 (Receiving and transmitting equipment); 35.030 (IT security / cybersecurity).
  • Edition / version: Edition 1.0 — EN 18031-2:2024 adopted as BS EN 18031-2:2024.
  • Number of pages: Approximately 220 pages (commercial listings report ~220–226 pages).

Scope

The standard applies to radio equipment that processes personal data, traffic data or location data and that is either internet-connected radio equipment or radio equipment specifically intended for childcare, toys or wearable applications. It provides technical specifications and common security requirements to mitigate threats to network protection, user privacy and fraud risks. The scope excludes certain network infrastructure used by providers of public electronic communications networks as defined in relevant EU legislation.

Key topics and requirements

  • Baseline security controls for device identity, authentication and authorization.
  • Requirements for secure communications (e.g., encryption and integrity protections for data in transit).
  • Firmware/software integrity and secure update mechanisms (rolling updates, authenticity checks).
  • Data protection measures for personal/traffic/location data, including minimization and storage protections.
  • Network-protection requirements to prevent misuse or degradation of public networks.
  • Resilience against common attack vectors (e.g., unauthorized access, tampering, replay/fraud scenarios).
  • Guidance on documentation, technical files and evidence supporting conformity assessments under the Radio Equipment Directive.

Typical use and users

Manufacturers and designers of consumer and professional radio devices (IoT products, connected toys, childcare monitors, wearable devices), product security engineers, compliance and regulatory teams preparing technical documentation for market access in the EU/UK, notified bodies and test laboratories performing conformity assessments, and procurement/specifiers seeking secure-by-design product requirements. The standard is also used by cybersecurity consultants and QA teams to align product development with RED cybersecurity obligations.

Related standards

EN 18031 is a multi-part series: Part 1 (EN 18031-1:2024) covers internet-connected radio equipment and network-protection requirements; Part 3 (EN 18031-3:2024) addresses fraud prevention aspects. These EN 18031 parts are intended to support compliance with the EU Radio Equipment Directive (RED) and related delegated regulations that introduce cybersecurity/data-protection obligations. Other related cybersecurity and IoT standards referenced in the ecosystem include EN 303 645 and TS 103 701, among national adoptions and supporting test methods.

Keywords

radio equipment, cybersecurity, IoT security, data protection, Radio Equipment Directive, RED, firmware updates, authentication, encryption, wearable devices, toys, childcare monitors, EN 18031, BS EN.

FAQ

Q: What is this standard?

A: BS EN 18031-2:2024 is the British adoption of the European standard EN 18031-2:2024 specifying common security requirements for radio equipment that processes personal, traffic or location data — in particular internet-connected devices, childcare devices, toys and wearables.

Q: What does it cover?

A: It sets technical measures and requirements for authentication, secure communications, firmware integrity and updates, data protection safeguards, network-protection measures and other controls to reduce cybersecurity and privacy risks in covered radio equipment. It is intended to be used when demonstrating conformity with RED-related cybersecurity obligations.

Q: Who typically uses it?

A: Product manufacturers, security engineers, regulatory/compliance teams, test labs and notified bodies involved in assessing and documenting cybersecurity conformity for radio devices marketed in the EU/UK. Procurement teams and security consultants also use it to specify security requirements.

Q: Is it current or superseded?

A: As published in 2024 and adopted as BS EN 18031-2:2024, it is current (the active EN 18031 series was finalized in 2024). Users should check national publication notices or national standards bodies for any minor corrigenda or national forewords.

Q: Is it part of a series?

A: Yes — EN 18031 is a multi-part standard (at least Parts 1, 2 and 3) addressing network protection, data protection and fraud prevention for radio equipment. The parts are published together to cover the range of cybersecurity obligations under the Radio Equipment Directive.

Q: What are the key keywords?

A: radio equipment, IoT security, device authentication, firmware update, encryption, data protection, network protection, toys security, childcare devices, wearables, EN 18031, RED compliance.