Why is EN 18031 compliance important?

Since August 1, 2025, RED cybersecurity requirements are legally mandatory for radio equipment with internet connectivity (direct or indirect) sold in the EU. EN 18031 is the harmonized standard that defines how to meet these requirements. Without demonstrating compliance with these cybersecurity requirements, you cannot legally place your wireless, internet-connected products on the EU market.

How does RedComply facilitate EN 18031 compliance?

RedComply guides you with pre-built compliance templates tailored to your product. Our AI automatically analyzes your uploaded project documentation, maps it to EN 18031 requirements, and helps you interpret the harmonized standard at every step. You remain in control throughout the process, reviewing and validating all AI suggestions to ensure accuracy. This human-in-the-loop approach significantly reduces time and costs while maintaining quality.

What happens if a product does not fully comply with EN 18031?

Non-compliant products cannot legally enter the EU market after August 1, 2025, and existing products face market bans, mandatory recalls, and substantial fines. If your product cannot fully meet EN 18031 requirements, you have two options: redesign the product to achieve compliance, or work with a Notified Body for alternative conformity assessment procedures (which are significantly more expensive and time-consuming than self-declaration). Market surveillance authorities actively enforce these requirements, making compliance essential for continued EU sales.

Do I still need a Notified Body?

For many radio equipment categories, you can use our AI-guided self-assessment approach instead of expensive Notified Body reviews, saving thousands in costs and months in timeline. We'll help you determine if your product qualifies for self-assessment.

Can I import existing penetration-test reports?

Yes, our platform automatically ingests and maps existing security reports to EN 18031 requirements, saving you from starting compliance from scratch. We support common formats and can extract relevant findings automatically.

Absolutely. We're pursuing ISO 27001 certification and are GDPR compliant. All data is encrypted at rest and in transit, with enterprise-grade security controls. Your compliance documentation stays confidential and secure.

How long does a typical compliance run take?

With our AI automation, initial compliance assessment takes 2-3 weeks instead of 3-6 months manually. Complex products might take longer, but you'll see progress immediately and can generate preliminary reports within days.

How do updates work when I release a new firmware?

We help you identify what changes have been made and assess whether any compliance requirements are impacted. Our platform versions your compliance documentation and generates updated Declarations of Conformity (DoC) for each firmware release, ensuring you maintain compliance throughout your product lifecycle.

How AI Assists RED Cybersecurity Compliance

The EU Radio Equipment Directive now requires cybersecurity compliance under EN 18031. AI-powered tools are transforming how manufacturers prepare technical documentation, run assessments, and reach conformity - faster and with fewer errors.

March 7, 2026

Key Takeaways

AI-powered cybersecurity compliance for the EU Radio Equipment Directive and EN 18031

AI can assist RED cybersecurity compliance by automating the most time-consuming parts of the EN 18031 documentation process - from populating compliance tables and navigating decision trees to generating test plans and Declarations of Conformity. Instead of replacing human judgment, AI acts as an intelligent co-pilot that accelerates structured workflows while keeping engineers in control.

AI automates documentation: Compliance tables, asset inventories, and test plans can be pre-populated and cross-referenced automatically, reducing hours of manual data entry.
Decision trees become guided workflows: AI navigates complex yes/no compliance questions, tracks branching logic, and records PASS/FAIL outcomes consistently across all requirements.
Test plan generation is accelerated: AI auto-calculates verdict conditions, matches pass/fail criteria masks, and flags incomplete assessments before they become audit risks.
EN 18031 knowledge is always accessible: An AI assistant trained on the standard can answer context-specific questions, search related requirements, and suggest appropriate responses in real time.
Human expertise remains essential: AI handles the repetitive structure; engineers focus on judgment calls, risk assessments, and device-specific decisions that require domain knowledge.

Why RED Cybersecurity Compliance Is Hard Without AI

The Radio Equipment Directive (RED) - specifically Delegated Regulation (EU) 2022/30 - activates cybersecurity requirements under Articles 3.3(d), 3.3(e), and 3.3(f). Manufacturers of internet-connected devices must demonstrate compliance with EN 18031 (parts 1, 2, and 3) through detailed technical documentation.

The challenge is scale. A single device assessment involves:

Dozens of compliance sections (Equipment Identification, Access Control, Vulnerability Handling, Cryptography, Software Updates, Logging, and more)
Hundreds of individual table rows requiring specific answers, justifications, and evidence references
Multiple decision trees with branching logic leading to PASS, FAIL, or NOT_ASSESSED outcomes
A three-tier test plan (Conceptual Assessment, Functional Sufficiency, Functional Completeness) with auto-calculated verdicts
A Declaration of Conformity (DoC) that must compile all results into a structured PDF

Doing this manually - especially across multiple devices and multiple EN 18031 parts - is slow, error-prone, and difficult to maintain as products evolve. This is precisely where AI delivers the most value.

How AI Automates Compliance Documentation

AI automating compliance documentation - transforming manual paperwork into structured digital tables

The most immediate impact of AI on RED compliance is automating repetitive documentation tasks. EN 18031 requires manufacturers to populate structured compliance tables across every section of the standard. Each table has specific columns, often with select dropdowns, multi-choice pick lists, and additional detail fields.

Auto-Population from Asset Inventories

AI can automatically populate compliance tables by cross-referencing your device's asset inventory. For example, once you identify your security assets (security functions and security parameters), AI can propagate those identifiers into downstream tables - access control mechanisms, cryptographic implementations, software update pathways - without you copying data manually.

Intelligent Table Completion

An AI assistant with knowledge of EN 18031 can suggest appropriate values for compliance columns based on your device description and previous answers. It can flag inconsistencies - for example, if you claim a device supports encrypted firmware updates in one table but mark cryptography as "not applicable" in another.

Standard-Aware Filtering

EN 18031 has three parts targeting different RED articles. AI applies the correct standard field inheritance rules - filtering sections, tables, and columns based on which standards your project requires (EN 18031-1, -2, -3, or any combination). This means engineers only see what is relevant to their specific compliance scope.

AI-Guided Decision Trees for Compliance Assessments

AI-guided decision trees navigating compliance questions to PASS/FAIL outcomes

EN 18031 compliance often requires answering structured sequences of yes/no questions to determine whether a specific requirement is met. These decision trees can have dozens of nodes, and a single wrong turn can lead to an incorrect assessment outcome.

AI assists in several ways:

Guided navigation: The AI walks engineers through each decision tree step by step, ensuring no branch is skipped and every outcome (PASS, FAIL, NOT_ASSESSED) is recorded in the correct table row.
Context-aware suggestions: Based on previous answers and the device's asset inventory, the AI can pre-suggest likely answers - while always leaving the final decision to the engineer.
Consistency checking: When decision tree outcomes in one section contradict answers in another, the AI flags the discrepancy immediately rather than letting it surface during an audit.
Batch processing: For devices with similar architectures, AI can apply decision tree patterns from one device to another, with engineers reviewing and adjusting only the differences.

In RedComply, decision trees are directly linked to compliance table rows. The AI assistant can access the current decision tree state, search EN 18031 for relevant requirements, and help engineers make informed decisions - all within the same interface.

To understand the full risk assessment workflow that AI accelerates, see our step-by-step RED risk assessment guide.

Accelerating Test Plans with AI Auto-Calculation

The EN 18031 test plan is a three-tier assessment that evaluates your compliance evidence at increasing levels of depth:

Assessment Tier	Purpose	How AI Helps
Conceptual Assessment	Evaluates test items against decision tree results and expert justifications	AI auto-populates DT results from completed decision trees and flags items missing justifications
Functional Sufficiency	Tests cases against defined assessment units	AI cross-references test cases with requirement tables to ensure coverage
Functional Completeness	Identifies missing documented test items	AI scans for gaps - requirements without corresponding test evidence

Auto-Calculated Verdicts

One of the most powerful AI-assisted features is automatic verdict calculation. EN 18031 test plans use verdict conditions - rules like "At least one PASS in column DT result" or "No FAIL entries present." AI evaluates these conditions against your actual data and computes the final verdict using pass/fail criteria masks.

The logic follows a clear priority: PASS > FAIL > NOT APPLICABLE. If data is incomplete, the system shows a "-" indicator rather than guessing - ensuring that engineers always know when more work is needed before the assessment can be finalized.

From Test Plan to Declaration of Conformity

Once all three assessment tiers are complete, AI can compile the results into a Declaration of Conformity (DoC) PDF - the final deliverable required for EU market access. Equipment identification tables render vertically as key-value pairs, while assessment tables render horizontally. Pick lists, extra-info fields, and decision tree outcomes are all formatted correctly without manual layout work.

Manual vs. AI-Assisted Compliance: A Comparison

Comparison of manual versus AI-assisted RED cybersecurity compliance workflows

Compliance Task	Manual Approach	AI-Assisted Approach
Asset identification	Spreadsheet-based, error-prone	Structured tables with auto-propagation to downstream sections
Compliance table entry	Copy-paste across dozens of tables	AI pre-fills from device profile and flags inconsistencies
Decision trees	Paper-based or ad-hoc tracking	Guided step-by-step navigation with recorded outcomes
Test plan verdicts	Manual calculation of pass/fail criteria	Auto-calculated verdicts with real-time condition checking
Multi-standard scope	Manually track which sections apply to which standard	Automatic filtering via standard field inheritance rules
DoC generation	Manual PDF assembly from scattered sources	One-click PDF generation from structured compliance data
Cross-device reuse	Start from scratch for each new device	Clone and adapt compliance data, AI highlights what needs to change

The difference is not just speed - it is structural reliability. AI-assisted workflows enforce the same data model across every device, every section, and every standard. This means fewer inconsistencies, fewer audit findings, and faster time to market.

We explore the specific advantages of AI in more depth in our article on the benefits of AI for EN 18031 compliance.

Frequently Asked Questions

Can AI fully automate RED cybersecurity compliance?

No. AI automates the structured, repetitive parts - table population, decision tree navigation, verdict calculation, and document generation. However, human expertise is essential for risk assessments, device-specific security decisions, and interpreting requirements that depend on product architecture. AI is a co-pilot, not an autopilot.

What is EN 18031 and why does it matter for RED?

EN 18031 is a harmonised European standard (parts 1, 2, and 3) that provides a presumption of conformity with the RED cybersecurity requirements under Articles 3.3(d), 3.3(e), and 3.3(f). Following EN 18031 is currently the most practical path for manufacturers to demonstrate compliance with the Radio Equipment Directive's cybersecurity provisions.

How does AI handle multiple EN 18031 parts simultaneously?

The EN 18031 template system uses standard field inheritance - the `standard` field cascades from sections to subsections to tables to columns. AI applies these rules automatically, so a project targeting EN 18031-1 and EN 18031-3 only shows requirements relevant to those two parts. No manual filtering is needed.

Is AI-generated compliance documentation accepted by notified bodies?

The documentation itself is what matters, not how it was produced. AI-assisted tools like RedComply generate the same structured technical documentation that would be created manually - compliance tables, test plans, decision tree outcomes, and Declarations of Conformity. The output follows EN 18031 requirements regardless of whether a human or AI populated the fields.

What types of devices benefit most from AI-assisted RED compliance?

Any internet-connected device requiring EU market access benefits, but the efficiency gains are largest for manufacturers with multiple product variants or product families sharing similar architectures. AI allows compliance data to be reused and adapted across devices rather than rebuilt from scratch each time.

Getting Started with AI-Assisted RED Compliance

RedComply is purpose-built for EN 18031 and RED cybersecurity compliance. The platform combines structured compliance workflows with an AI assistant that understands the standard, your device context, and your documentation state.

Here is how to start:

Create a project and select which EN 18031 parts apply (1, 2, 3, or any combination)
Add your device and begin identifying security assets - the mandatory first step of any EN 18031 assessment
Work through compliance sections using AI-assisted tables and decision trees
Generate your test plan with auto-calculated verdicts for all three assessment tiers
Export your Declaration of Conformity as a structured PDF ready for regulatory review

The AI assistant is available throughout - search the standard, get context-specific guidance, and let automation handle the repetitive work while you focus on the engineering decisions that matter.

Back to Home