Skip to Content

IOT & RADIO EQUIPMENT CYBERSECURITY

EN 18031 & EN 303 645 compliance testing for Europe, UK & Australia 

Standards we test against

Expert testing and compliance support for internet-connected and radio equipment against the mandatory cybersecurity standards under the Radio Equipment Directive (RED), UKCA, and the Australian Cyber Security Act. Achieve your Declaration of Compliance with confidence.

 EN 18031-1

Network protection

  • Protect network integrity against misuse
  • Traffic filtering and rate limiting controls
  • Secure communication channel requirements
  • Network resource access restrictions
  • Applies: internet-connected radio equipment

EN 18031-2

Privacy & personal data

  • Safeguard personal data and privacy
  • Data minimisation and purpose limitation
  • Secure data storage and transmission
  • User control over personal data
  • Applies: devices processing personal data

EN 18031-3

Fraud prevention

  • Prevent fraud and monetary misuse
  • Secure transaction authentication
  • Protection against unauthorised charges
  • Tamper-evident mechanisms
  • Applies: devices enabling monetary transfers

EN 303 645

Consumer IoT baseline

  • No universal default passwords
  • Vulnerability disclosure policy required
  • Software kept updated, securely
  • Credentials stored securely
  • 13 provisions covering consumer IoT

🇪🇺 Europe

Mandatory under RED 2014/53/EU Article 3(3)(d), (e) and (f). Full enforcement active. CRA full enforceability by December 2027.

EN 18031-1EN 18031-2EN 18031-3EN 303 645Declaration of Conformity 

 🇬🇧 United Kingdom

PSTI Act 2022 mandates EN 303 645 aligned requirements. UK closely mirrors RED obligations post-Brexit under UKCA marking.

EN 303 645PSTI Act 2022UKCA markingDeclaration of Compliance 

🇦🇺 Australia

Cyber Security (Security Standards for Smart Devices) Rules 2025 commenced 4 March 2026. EN 303 645 is the recognised baseline standard.

EN 303 645EN 18031 seriesCyber Security Rules 2025Declaration of Compliance 

Our testing services


VAPT — vulnerability & penetration testing

Identify and exploit weaknesses in software, hardware, firmware and network configurations


Declaration of Compliance support

Full documentation for RED, UKCA and Australian Cyber Security Act requirements


Gap analysis against EN 18031 & EN 303 645

Structured review of your device against all mandatory provisions before formal testing


Test reports & technical documentation

Regulator-ready evidence packs, risk assessments and remediation roadmaps


IoT & smart device coverage

Smart home, wearables, medical devices, industrial control systems and child safety gadgets


Multi-region single engagement

One test programme covering EU, UK and Australian requirements to reduce cost and time to market

Contact Us

Submit