Identify exactly which EN 18031 requirements apply to your product
Get a product-specific evidence checklist
Create evidence and justifications using state of the art AI technology
Get expert review when you need a human in the loop
Scope what applies under RED and EN 18031 for your product and architecture
Run a structured self-assessment with consistent answers your team can align on
Prepare evidence and documentation earlier, before testing or certification timelines create pressure
RED cybersecurity readiness for connected device manufacturers
QIMA Cyberexpert Platform helps manufacturers of internet connected devices with radio capability understand and apply EU Radio Equipment Directive (RED) cybersecurity requirements and EN 18031. It turns complex standards into a practical workflow your team can use early, while architecture and design decisions are still flexible.
Clarify what is in scope across device, app, backend, then run a structured threat and risk assessment to identify what you need to protect and evidence you must collect.
Turn EN 18031 into a product-specific, simplified requirements map and evidence check, tailored to your device architecture and compliance scope.
Get expert review of your assessment and documentation, and when needed, follow a testing pathway with CCLab to validate specific security requirements before release.
Why we built it
RED cybersecurity and EN 18031 are new, technical, and easy to misread. Many teams want to comply, but do not have a clear way to translate the standards into product decisions and documentation without expensive, slow external cycles.
For manufacturers of wireless connected products, compliance with EN 18031 is effectively the fastest path to CRA readiness. It already addresses the core cybersecurity principles the CRA will apply across digital products, but in the specific context of products that fall within RED scope.
In practice, EN 18031 provides the technical backbone for CRA compliance well before full enforcement in 2027. The main gap is not in the security fundamentals, but in lifecycle obligations and product categorisation. Even there, vulnerability management, including identification, remediation, and coordinated disclosure, is already largely aligned.
This means manufacturers investing in RED cybersecurity today are already building much of the technical backbone of CRA compliance, including evidence, processes, and technical documentation, for the wireless connected products within their portfolio.
With CRA harmonised standards still under development, EN 18031 remains the most concrete and actionable standard available today for manufacturers of products in RED scope, and the most practical starting point for achieving CRA compliance with minimal rework.
Cyberexpert’s CRA compliance capabilities are already in development, with release expected in 2027.
QIMA Cyberexpert Platform is a readiness layer between spreadsheets and external support, like consultants, labs, and notified bodies. When uncertainty remains, expert escalation is available, including expert review and, when needed, a testing pathway via CCLab.
QIMA Cyberexpert Platform helps you prepare for RED cybersecurity requirements with a structured self-assessment workflow and documentation support. It is designed for readiness. Responsibility remains with the manufacturer. Read more
Applicability summary, which EN 18031 standards apply to your product
Product specific requirements map, tied to your device features and interfaces Evidence checklist, what to document Risk assessment summary, key risks and threats with live risk graph
Exportable evidence and justification set, for internal review and for the technical file
Vulnerability management platform for maintenance Cyberexpert is built for manufacturers that need to design and maintain products that meet European cybersecurity regulations. It gives cross-functional teams a shared workspace to map requirements, collect evidence, and stay on track through releases.
Start with scope, upgrade when you need readiness outputs
QIMA Cyberexpert Platform helps connected device manufacturers understand EU Radio Equipment Directive (RED) cybersecurity requirements and EN 18031, then prepare self-assessment and documentation with structure.
Yes. The platform enables organizations to rapidly assess the security posture of their IoT devices against the harmonized EU standard EN 18031.
Within approximately one hour, you can generate product-specific requirements that you can use to design or verify your product’s security posture and compliance.
You can submit your assessment to our cybersecurity professionals for review and validation, which can then be used for testing and the official EU Declaration of Conformity (DoC).
We offer a Free Plan for immediate product scoping and risk assessment—perfect for seeing exactly which requirements apply to your device at no cost.
Our Professional Plan is designed for compliance execution. It unlocks the exact security requirements, the AI assistant, expert verification, vulnerability management, and more. License fees are reinvested into the continuous development of the platform, ensuring an ever-stronger solution.
The platform is in its Early Access (MVP) stage. It already delivers core functionalities such as product scoping, vulnerability management, and cybersecurity compliance mapping. Early adopters benefit from preferred pricing and the unique opportunity to influence upcoming features, such as AI-driven verification, tailored to their specific needs.
The platform is developed and supported by a team of seasoned cybersecurity professionals and industry advisors from QIMA and CCLab. Together, they bring extensive expertise in securing embedded devices and ensuring compliance with international standards like EN 18031.
Traditional consultancy is slow and often costs 3–4x more per product. Excel spreadsheets are prone to errors and difficult to update as standards change. Cyberexpert is an automated, specialized platform that stays up-to-date with the latest RED cybersecurity regulations, saving you weeks of manual work and significantly reducing costs.