EU: CRA standards and the successors to EN 18031

EN 40000-1-X series

We have already reported in a previous newsletter(A normative landscape for the Cyber Resilience Act (EU) 2024/2847) that the series of standards (EN 18031-X) on cybersecurity from the RED requirement on cybersecurity will have successors, which will be continued in the EU Cyber Resilience Act.

Here is the current status of the future standards:

EN 40000-1-1
Cybersecurity requirements for products with digital elements 
- Part 1-1: Vocabulary

EN 40000-1-2
Cybersecurity requirements for products with digital elements 
- Part 1-2: Principles for cyber resilience 

New in the Working Program:
EN 40000-1-3
Cybersecurity requirements for products with digital elements 
- Part 1-3: Vulnerability Handling

EN XXXX
Cybersecurity requirements for products with digital elements 
- Part XXXX: - Generic Security Requirements

EN XXXX
Cybersecurity requirements for products with digital elements 
- Part XXXX: Threats and Security Objectives

The drafts of the first two standards are due to be published soon. We will have to be patient for the others.

The standards are being created in the CEN-CENELEC Committee "CEN/CLC/JTC 13, WG9". Working Group 9 deals with 
     "Horizontal cybersecurity for products with digital elements"
The Chairman (WG 9) is Ben Kokx, under whose leadership the EN 18031-X series was also created.
https://standards.cencenelec.eu/ords/f?p=205:22:::::FSP_ORG_ID,FSP_LANG_ID:3259751,25&cs=1C27A4B0B0DBE60314FA9A937DC592CF5

On February 16, 2026, the Commission decided to repeal Delegated Regulation (EU) 2022/30 (RED Cyber) with effect from December 11, 2027. This means that the new standards mentioned above must be ready at least six months before this date.
Link to the decision with reasons:
     https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14766-Cybersecurity-repeal-of-Delegated-Regulation-supplementing-the-Radio-Equipment-Directive_en 

The requirements of the RED will then be more widely adopted by the CRA.
 

We will keep you up to date and will be happy to provide you with further details.
 

Author's note

This article has been machine translated into English.

 



TERMS AND ABBREVIATIONS

RED: Radio Equipment Directive 2024/53/EU

CRA: Cyber Resilience Act (EU) 2024/2847

CEN, CENELEC and ETSI are the three EU standard organizations (ESO)

Standards = norms

More Information

Published on 08.04.2026
Category: Focus Industry, Fokus Electrical and Wireless, Insider-Compliance, Compliance

back to list

Standards News

The most important news or amendments regarding Standards by the European Commission at a glance.

Comprehensive expertise in Standards Management
Standards News
EU: EMC Directive and the listing of EMC standards in the EU Official Journal

When will new EMC standards be published in the EU Official Journal (OJEU)?

Read more

EU: new references of harmonized standards

hEN updates for March

Read more

European standardization: Revision of the EU standardization regulation and CEN/CENELEC plan new standardization product

Where are we going?

Read more

Expert-verified information packages for compliant products worldwide

Save resources, reduce liability risk, gain security!

learn more and order now

©Lucky_Business@shutterstock.com/ROGER-WILLCO

Product Compliance Portal

The central research platform to gather all market authorization requirements and keep them up to date.

 

©Lucky_Business@shutterstock.com/GLOBALNORM

System-based Standards Management

The efficient IT solution for centralized management and monitoring of all relevant standards.

 

De En
Login
x

In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.

OK