An inconspicuous IoT device, a smart sensor, or an RFID reader: often overlooked, but in the worst case the gateway for an entire cyberattack. What happens when hundreds of thousands of such devices are suddenly compromised and, as a botnet, paralyze critical infrastructure? Such scenarios have long been a reality, and they threaten not only individual companies but entire value chains.
With the new Radio Equipment Directive (RED – EN 18031), the EU is therefore pulling the ripcord: from August 2025, radio equipment may only be placed on the market if it meets strict cybersecurity requirements. For manufacturers, this means that the time for waiting is over. Those who act now will not only protect their customers and users, but also ensure the future viability of their products.
What the RED (EN 18031) covers
The RED was originally focused on radio parameters such as radiation and frequency spectrum. With the new EN 18031, the focus has shifted: cybersecurity, data protection and network stability are now mandatory components of the standard. Radio devices may only be operated if they receive regular security updates and if misuse, for example through weak passwords or a lack of authentication, is ruled out.
Distinction from other regulations:
• The NIS 2 Directive primarily addresses operators of critical infrastructures.
• The Cyber Resilience Act (CRA) takes the entire product life cycle into account.
• The RED (EN 18031), on the other hand, focuses specifically on radio equipment and its manufacturers.
Particularly important: the standard is harmonised – many of the requirements are identical to established standards such as IEC 62443. Manufacturers thus benefit from synergies between the regulations.
Which industries and companies are affected
Basically, any device that transmits radio signals is affected – from RFID readers and machine controls to laptops. The focus is particularly on manufacturers who sell large quantities annually and are based in the following industries:
• Mechanical and plant engineering
• Medical technology
• Household appliances and tools
• Automotive, toll systems and aviation technology
By far the biggest challenge: existing products. Systems based on standard hardware with Wi-Fi and Windows are often difficult or impossible to retrofit. This often requires new development or architectural changes – for example, by separating radio modules.
KontronOS: The key to RED compliance
With KontronOS, Kontron susietec® offers a platform that is designed from the ground up for security and long-term support. It not only meets the key requirements of the RED, but also facilitates CE certification.
This is how KontronOS supports you:
• Secure updates: Only verified and device-specific updates are accepted – from simple USB solutions to fully automated delta updates.
• Integrity through individual keys: Each device has a burned-in, physically secured key. This ensures that only authorised software is installed.
• DDoS protection and logging: Devices are assigned individual passwords, and all changes are documented in a traceable manner.
• Separation of OS and application: The operating system is protected within the device and stored in duplicate. If an update fails, the second, secure copy automatically takes over, ensuring that the system remains bootable at all times. Customised applications also run separately as apps and can be updated securely.
KontronOS enables manufacturers to concentrate on their core applications, while basic security functions are already covered.

