Radio Equipment Directive
Automated.
Z-CMS automates EN 18031 technical documentation and test plans for RED DA compliance — saving manufacturers up to 90% in time and cost. Trusted by hundreds of manufacturers in 20+ countries and accepted by Notified Bodies.

The regulation explained
Everything you need to know about RED DA & EN 18031
The Radio Equipment Directive Delegated Act has been in application since August 2025. Here's what it means for your products.
The Radio Equipment Directive Delegated Act
The EU Radio Equipment Directive (RED), formally known as Directive 2014/53/EU, ensures that radio equipment sold in the EU meets health, safety, and electromagnetic compatibility requirements. In 2021, it was supplemented by the Delegated Regulation (EU) 2022/30 — known as the RED DA — introducing mandatory cybersecurity requirements.
The RED DA has been in application since 1 August 2025. From that date, all in-scope radio equipment must comply with the applicable essential requirements when placed on the EU market.
Radio equipment in scope
- 3(3)(d): Internet-connected radio equipment — any device that directly or indirectly transfers data to/from the Internet
- 3(3)(e): Internet-connected equipment processing personal/location data, childcare equipment, toys, and wearables
- 3(3)(f): Internet-connected equipment enabling transfer of money or virtual currency
The 3 essential requirements
Network protection
Radio equipment must not harm the network or its functioning, nor misuse network resources causing unacceptable degradation of service.
Privacy & personal data
Radio equipment must incorporate safeguards to ensure that the personal data and privacy of the user and subscriber are protected.
Fraud protection
Radio equipment must support features ensuring protection from fraud, applicable to devices enabling monetary or virtual currency transfer.
The hard truth
EN 18031 compliance is notoriously difficult.
The standards are complex, the documentation burden is enormous, and the margin for error is small. Here's what manufacturers face when they try to do it manually.
2 months familiarising with the standards, 6 months creating technical documentation, 1 month on test plans, 1 month on assessments. All before a single product ships.
Every EN 18031 requirement must be evaluated for every asset in scope — and the same requirement can apply multiple times. Manually tracking, filling, and justifying each DT is a massive documentation burden.
European cybersecurity standards are overwhelming in volume—EN 18031 alone exceeds 600 pages, with CRA texts adding hundreds more. No team can fully grasp it all.
Between internal engineering hours and external consultants, first-time EN 18031 compliance easily exceeds six figures per product family — and that's before any Notified Body certification fees.
EN 18031 requires manufacturers to identify "assets" — a cybersecurity concept most engineers have never encountered. The standards assume you already know what they are. Most teams get this wrong on the first attempt.
You cannot identify which EN 18031 requirements apply until you've mapped all your assets and interfaces. The process is inherently iterative — and without the right tooling, every iteration costs weeks.
Z-CMS makes RED DA compliance much less daunting and frustrating. We created our first technical file manually before purchasing the tool, but we discarded it and started over once we understood Z-CMS's capabilities.
How Z-CMS solves it
From 10 months to 6 weeks.
Here's how.
Z-CMS automates the hardest parts of EN 18031 compliance — so your engineering team can focus on building the product, not the paperwork.
Never touch Excel again.
Z-CMS captures your product information through intelligent Q&As — built on EN 18031 algorithms that adapt the question flow based on your answers. With over a million possible paths, every product is handled with precision. The result: properly structured Decision Trees, generated automatically.
Up to 70% reduction in typing compared to manual EN 18031 documentation.
Stop guessing what your assets are.
EN 18031 requires manufacturers to identify every asset in scope — a cybersecurity concept most engineers have never encountered. Z-CMS guides your team through an iterative discovery process, asking targeted questions about your interfaces and protocols until every asset is accounted for.
Assets discovered step by step, with no compliance jargon left unexplained.
An expert by your side, at every step.
Dr. Guillaume Dupont contributed to the drafting of EN 18031. His decade of IoT cybersecurity expertise is built into every question, guidance and edge case in Z-CMS. Your team gets the interpretation right the first time — not after a costly rejection from a Notified Body.
"Z-CMS has been a great resource for developing real cybersecurity expertise." — Ela Innovation
Know your RED DA compliance status at a glance.
Decision Tree completion percentage, requirement coverage, and gap analysis — all aggregated in real-time. Stakeholders can act on non-compliance immediately, without waiting months for a third-party laboratory report to surface problems.
No more waiting. No more surprises before submission.
Compliance is a team sport.
Create tasks, assign them to stakeholders, and track progress — all within Z-CMS. A dedicated task management view keeps your whole team aligned and accountable across the 400+ Decision Trees EN 18031 demands. Something simply not possible in a shared Excel file.
Replace scattered spreadsheets with structured team collaboration.
Proven results
The numbers speak for themselves.
Our Notified Body accepted everything exactly as submitted — Technical Documentation with 60 worksheets, 400+ Decision Trees, zero modifications. Z-CMS delivered what no other solution could for EN 18031 compliance.
S. Weigang
Type Test Engineering
Secure deployment
Two deployment models.
One principle: your data stays with you.
Z-CMS gives you full flexibility in how you deploy — without compromising on security. In both cases, Zealience has zero access to your data: no SaaS analytics, no AI training, no external processing.
Air-Gapped On-Premises
Completely isolated environment with zero external connectivity. Maximum protection for the most security-critical environments.
- Zero external connectivity
- Maximum isolation
- Full data sovereignty
Self-Hosted Private Cloud
Deploy within your own cloud or internal infrastructure to enable secure remote access while retaining complete control.
- Controlled remote access
- Your infrastructure
- Distributed teams
Your existing security controls remain fully enforceable.
Firewalls, identity management, network segmentation, and monitoring — all your infrastructure policies apply. You define who accesses the system, enforce authentication, and integrate with your existing security stack.
[Figure: Z-CMS deployment model. Diagram labels: Your environment, No access, Cloud.]
Also facing the CRA?
Two-thirds of your EN 18031 work counts toward CRA compliance.
Z-CMS supports both regulations. Your RED DA compliance is already a head start on the Cyber Resilience Act — don't start from scratch.
Explore CRA compliance with Z-CMS
Frequently asked questions
Common questions from manufacturers
Can't find your answer here? Read our comprehensive EN 18031 guide.
Ready to get started?
See how Z-CMS handles EN 18031 compliance.
Book a live demo today.
Talk to our team and discover how manufacturers complete EN 18031 compliance in 1–2 months instead of 10–12. No commitment required.
+49 69 505027142
- On-premises installation included
- Free customer support with every license
- Trusted by manufacturers in 20+ countries