RED Cybersecurity (EN 18031)

Overview

The RED cybersecurity standard (EN 18031) defines requirements to ensure that radio equipment is secure and does not negatively impact networks, users, or services.

It is structured around three main articles:

  • 3.3.d: Protection of networks and prevention of service degradation
  • 3.3.e: Protection of personal data and privacy
  • 3.3.f: Protection against fraud

Applicability

Depending on the system design, some articles may not apply.

Typical examples:

  • Systems without user data → privacy requirements may not apply
  • Systems without financial interaction → fraud-related requirements may not apply
  • Systems with network interaction → network-related requirements are usually relevant and must be addressed

Requirements Structure

Each article is divided into:

  • Mechanisms (high-level requirements)
  • Detailed requirements

For each requirement, the following must be defined:

  1. Applicability
  2. Implementation (if applicable)
  3. Justification (if not applicable)
  4. Supporting evidence

Examples of supporting evidence:

  • Design documentation
  • Code snippets
  • Architecture diagrams
  • Configuration details

Summary

  • Not all requirements apply to all devices
  • Clear justification is essential
  • Evidence is critical for compliance
  • The process is iterative and documentation-driven