Interlaboratory Cybersecurity Program for IoT Devices

ILT‑U‑3748 · Determination of cybersecurity requirements per EN 18031

The rapid digitalization and use of Internet‑connected IoT devices significantly increase exposure to cybersecurity risks.
To help manufacturers, laboratories, and conformity assessment bodies prepare for these new requirements, ILT has developed the interlaboratory program ILT‑U‑3748, focused on verifying cybersecurity requirements according to EN 18031.

Objective of the ILT‑U‑3748 program

The objective of this proficiency testing program is for participants to perform cybersecurity tests on an Internet‑connected IoT device, in order to:

  • Verify the capability of the laboratory to assess compliance with applicable cybersecurity requirements.
  • Simulate evaluation conditions linked to the Radio Equipment Directive (RED) 2014/53/EU.
  • Provide an independent comparison of performance among laboratories conducting this type of testing.

Determination
In this exercise, a subset of cybersecurity requirements defined in sections 3.3(d), (e), and (f) of the RED is evaluated, selected by ILT based on the EN 18031 standard.

What is EN 18031?

EN 18031 is a European standard developed by:

  • The European Committee for Standardization (CEN) and
  • The European Committee for Electrotechnical Standardization (CENELEC),
    through the joint technical committee CEN‑CENELEC JTC 13, Working Group 8 (WG8), specialized in cybersecurity and data protection.

This standard was developed in response to the Delegated Regulation (EU) 2022/30, which introduces specific cybersecurity requirements for radio equipment under the Radio Equipment Directive (RED) 2014/53/EU.

EN 18031 provides a reference framework for demonstrating conformity with Articles 3.3(d), (e), and (f) of the RED and has been adopted as a harmonized standard, with certain restrictions specified by the European Commission. ibf-solutions.com

The primary goal of EN 18031 is to improve the security of radio equipment by strengthening its ability to protect:

  • Communication networks,
  • User privacy and personal data, and
  • Financial assets against common cybersecurity threats.

Key features of EN 18031

Notable aspects of EN 18031 include:

1. Harmonized standard for cybersecurity requirements

EN 18031 has been approved as a harmonized standard, with specific restrictions, to demonstrate compliance with the cybersecurity requirements of the RED. This allows manufacturers and other market actors to rely on the standard to show conformity.

2. Cybersecurity‑specific focus

The standard specifically addresses Articles 3.3(d), (e), and (f) of the RED related to cybersecurity, ensuring robust protection against:

  • Unauthorized access,
  • Data manipulation,
  • Misuse of networks and services,
  • Fraud risks and other common attacks.
3. Data protection and risk reduction

EN 18031 provides a clear framework to:

  • Protect personal data and user privacy,
  • Reduce the probability of fraud and malicious use,
  • Lower the risk of cyberattacks on radio equipment and connected devices.
4. Impact on manufacturers and assessment bodies

Manufacturers and stakeholders in the radio equipment and IoT sector will need to:

  • Align the design of their products with EN 18031 requirements.
  • Integrate cybersecurity measures from early development stages.
  • Prepare for more demanding conformity assessments in cybersecurity.

When do the cybersecurity articles 3.3(d), (e) and (f) apply?

The interlaboratory program ILT‑U‑3748 – Determination of cybersecurity requirements is designed to:

  • Provide an independent performance assessment of laboratories testing Internet‑connected IoT devices.
  • Verify the practical implementation capability of EN 18031 requirements and the RED Articles 3.3(d), (e), and (f).
  • Support laboratories, manufacturers, and conformity assessment bodies in their technical preparation ahead of 1 August 2025.

Through this program, participants will obtain:

  • Comparative results such as z‑scores or other statistical indicators to evaluate performance against a reference group.
  • Useful information to strengthen test procedures, validation, and quality assurance.
  • Evidence that can support internal accreditation, audits, and continuous improvement processes.

Who is it for?

The ILT‑U‑3748 program is aimed at:

  • Testing laboratories that perform or plan to perform cybersecurity evaluations on radio equipment or IoT devices.
  • Manufacturers seeking to validate their products against cybersecurity requirements before commercialization.
  • Conformity assessment bodies and Notified Bodies involved with the RED.
  • R&D, quality, and cybersecurity departments needing objective evidence of their testing methods’ performance.

More information and participation request

If you would like more information about the ILT‑U‑3748 – Cybersecurity (EN 18031) program or to learn about upcoming rounds: