Contenu en cours de relecture

Cybersecurity testing for radio equipment and connected objects

Protect your connected products and ensure they comply with the RED directive

RED cybersecurity directive - EN 18031 compliance - Security by design

Cybersecurity has become an essential requirement for the marketing of radio and IoT equipment in Europe. It is aimed at ensuring the safety of equipment and its users, as well as data protection. The Emitech Group offers a complete range of tests to meet the requirements of Delegated Regulation (EU) 2022/30 of the RED Directive, applicable from 1ᵉʳ August 2025.Connected object manufacturers, R&D project managers, quality or cybersecurity managers: secure your products from the design stage, validate their robustness, and guarantee their regulatory compliance thanks to our services.
Ask for a quote
padlocks in cyberspace

Cybersecurity and IoT compliance, our services

1. Compliance diagnosis and risk analysis

  • Initial diagnosis to determine whether IoT products are affected by the cybersecurity requirements imposed by the RED Directive (articles 3.3 d, e, f) and the associated EN 18031-x standards.
  • In-depth diagnosis of compliance with EN 18031-x standards, accompanied by Drawing up the required documentation (QIRE and DCMOE) for assessing the conformity of your products.
  • Risk analysis structured according to the EBIOS methodology.
  • Raising your teams' awareness of the cybersecurity requirements defined in the RED Directive.
We provide you with a clear view of your level of compliance, identify any gaps and guide you towards an appropriate solution for securing your connected equipment right from the design stage.

2. Cybersecurity and penetration testing

  1. In-depth cybersecurity assessments in accordance with the requirements of EN 18031-x standards applicable to radio equipment and connected objects, as part of the RED 2014/53/EU directive (articles 3.3 d, e, f).
  2. Tests carried out in a secure environment according to a structured normative test plan that covers all the security mechanisms defined by the EN18031-x standard:
    • ACM (Access Control): verification of access management to sensitive assets by authorised entities.
    • AUM (Authentication): assessment of the robustness of authentication mechanisms (passwords, certificates, tokens).
    • SUM (Secure updates): verification of the integrity, authenticity and control of updates.
    • SSM (Secure Storage): testing the protection of stored assets against unauthorised access.
    • SCM (Secure Communication): validation of the confidentiality, integrity and authenticity of exchanges and anti-replay protection.
    • LGM (Logging): verification of the traceability of security events.
    • DLM (Deletion): ability to securely delete sensitive data.
    • UNM (User Notification): checks the ability to notify the user of security events.
    • RSM (Resilience): resistance to DoS/DDoS attacks.
    • NMM (Network Monitoring): detection of abnormal or malicious network activity.
    • TCM (Traffic Control): analysis of traffic behaviour to prevent abuse.
    • CCK (Cryptographic Keys): key security (absence of default values, good generation practices).
    • GEC (General Capabilities): equipment compliance with general requirements (up-to-date hardware/software, limited exposed services).
    • CRY (Cryptography): assessment of the use of robust cryptographic techniques that comply with best practice.
  3. Implementation of realistic intrusion tests using the White Box, Grey Box and Black Box approaches, to simulate different levels of access and assess actual resistance to attacks.
  4. Each test campaign concludes with a detailed technical report including the non-conformities detected, the severity levels and concrete recommendations for improvement.

3 Documentary and functional audits

  • Analysis of the compliance of the documents supplied (QIRE, DCMOE, manuals, technical specifications, updating procedures, access security, etc.) with the requirements of the EN 18031-x standards and the RED directive. The aim is to check that the security mechanisms are correctly specified, documented and traceable.
  • Evaluation of the product in a real-life situation to confirm the existence, implementation and effectiveness of the mechanisms declared in the documentation
**Methodology
  • Documentation/product cross-review
  • Verification of consistency between technical specifications and actual observations
Objective
  • Identify any discrepancies between what is declared and what is actually implemented, while helping you to gradually achieve compliance.

4. Our testing resources to guarantee a comprehensive assessment

  1. Secure laboratory Testing is carried out in a secure, isolated test environment that complies with cybersecurity best practice, guaranteeing data confidentiality and test reproducibility.
  2. Tools and platforms used We use a range of specialised tools to cover all the mechanisms required by the EN 18031-x standards:
    • Network mapping, detection of exposed services
    • Capture and analysis of network traffic
    • Realistic intrusion simulation (black/grey/white box)
    • Burp Suite: analysis of vulnerabilities on Web/API interfaces
    • Detection of known vulnerabilities
    • Brute force tests on authentication systems
    • Firmware analysis (extraction, reverse engineering)
    • Verification of TLS/SSL connections
  3. Customised test beds - Implementation of evaluation scenarios adapted to the architecture of each product
These resources enable us to carry out tests that are representative of real threats and to evaluate products under the most demanding conditions.

What sectors are involved in these trials?

telecom/IoT logo

Telecom / IoT & consumer electronics

Validation of RED and EN 18031 compliance for connected equipment: IoT objects, gateways, routers, smartphones, industrial sensors, etc
medical logo

Medical

Verification of security and data protection mechanisms for connected medical devices, in line with cybersecurity and RGPD requirements.
automotive, rail and marine logo

Automotive, rail and marine

Assessing the cybersecurity of on-board connected subsystems (V2X, telematics, remote diagnostics, remote monitoring, etc.).
aeronautics, space and defence logo

Aeronautics, space and defence

Analysis of the resilience and cybersecurity features built into critical communicating equipment, in relation to safety and sovereignty requirements.

Types of tests carried out on your products

To ensure compliance with the cybersecurity requirements of the RED directive and EN 18031-x standards, we carry out a series of technical and functional tests covering the following aspects:
  • Access and authentication tests
    Verification of access control mechanisms (ACM) and authentication mechanisms (AUM).
  • Secure update tests (SUM)
    Assessment of the integrity, authenticity and security of the update process.
  • Secure Storage Testing (SSM)
    Checks the protection of sensitive persistent data.
  • Secure Communication Testing (SCM)
    Verification of confidentiality, integrity and protection against replay attacks.
  • Resilience testing (RSM)
    Simulation of DoS/DDoS attacks to assess the robustness of the system.
  • Logging and suppression tests (LGM/DLM)
    Verification of event traceability and secure data deletion.
  • Network configuration analysis (NMM/TCM)
    Detection of abnormal or malicious behaviour via network interfaces.
  • Cryptographic testing (CCK/CRY)
    Assessment of key management, cryptography used and compliance with best practice

Talk to our cybersecurity experts

Contact us

Why choose the Emitech Group?

  • Secure your products against increasingly sophisticated cyber threats.
  • Help you comply with the amended RED Directive and EN 18031 standards.
  • Offer highly specialised testing and support services for your connected equipment.
  • Integrate cybersecurity right from the design phase to reduce your future risks ("security by design").
Ask for a quote

Needs

Discover a selection of additional resources that explore topics related to this page including regulatory contexts, technical articles, and specific areas of expertise. These materials provide further insight to help you better understand the key challenges and available solutions.

RED directive

Directive RED 2014/53/EU - CE marking

Guarantee the compliance of your radio equipment with the RED Directive 2014/53/EU: testing, cybersecurity, CE marking and certification with Emitech Certification, a Notified Body.
Read more
CE marking

CE marking

The CE marking is a sign certifying that a product complies with the essential safety, health and environmental protection requirements laid down by the European Union, and allowing it to circulate freely in the European Economic Area.
Read more
UAV testing and certification (UAS)

UAV testing and certification (UAS)

Class 1 to 4 drone certification and UAS testing: Regulation (EU) 2019/945 and EN 4709 standards. Ensure that your drones and UAS comply with European regulations.
Read more
Full vehicle test drive

Full vehicle test drive

validation, approval and fine-tuning. Carry out all your dynamic tests (WLTP, EMC, ADAS, GNSS)
Read more

Contact us for a quote

Anticipate regulatory requirements and protect your products today. Contact us for a personalised quote and secure your equipment to meet the new cybersecurity obligations of the European market.
Request a personalised quote
Expertise in cybersecurity
  1. Accueil
  2. Our activities
  3. Testing
  4. Cybersecurity
Logo_Emitech

With over 30 years of experience, the Emitech Group supports companies in the validation of their products and systems. Specialising in test engineering, the group offers a comprehensive range of services covering all testing, engineering, bench design, metrology and training needs. Its services are aimed at demanding sectors such as automotive, aerospace, rail, defence, energy, medical, telecoms and many others.

Our activities

Tests
Bench design
Engineering
Certification
Training
Metrology
Maintenance
 

Our sectors

Automotive and transport
Aeronautics
Defence
Energy
Industry & consumer
Medical
Telecoms

About us

About us
Recognition
Careers
Our sites
Contact us

© Groupe Emitech - Tous droits réservés - 2025 - Legal notices - Privacy Policy - Personal Data Management