.jpg "ONEKEY GmbH")
New Automated Cybersecurity Testing for Embedded Software Available in Compliance with RED II EN18031 Standard
New Automated Cybersecurity Testing for Embedded Software Available in Compliance with RED II EN18031 Standard
With the new simplified, automated testing process, embedded software can be checked within minutes for potential vulnerabilities and non-compliance with the RED II, EN 18031-1 directive.
Düsseldorf, 23 July 2025 – Starting in August of this year, connected digital products will be required to comply with the EU Directive RED II (Radio Equipment Directive) EN 18031. In response, Düsseldorf-based cybersecurity company ONEKEY has integrated testing for RED II, EN 18031-1 into its automated cybersecurity platform.
“We are expanding the capabilities of our automated platform to include this key EU directive, which is mandatory for all manufacturers of products containing radio modules. This underlines our commitment to providing customers with comprehensive and up-to-date compliance support,” said Jan Wendenburg, CEO of ONEKEY. The new automated RED II testing is primarily aimed at manufacturers and OEMs of smart devices, machines, and systems. In addition, the ONEKEY platform’s Compliance Wizard already includes other relevant standards such as the Cyber Resilience Act, IEC 62443-4-2, ISO 303645, UNR 155, UK PSTI, and many more. Coverage of these standards is being continuously expanding.
Automated RED II Analysis and Structured Documentation via Decision Tree
Key application areas include fully automated technical software analysis to identify vulnerabilities and compliance gaps, as well as structured documentation using a decision tree. This enables customers to automatically check specific technical RED II requirements within minutes through binary analysis. Non-compliant areas—the gaps between the standard and the software—are automatically identified and documented with supporting technical evidence.
The remaining RED II EN18031-1 requirements—mostly organizational in nature—can then be addressed step by step through an intelligent decision tree, directly linked to the specific RED provisions. In many cases, answers are pre-filled automatically based on previous analysis results, while manual review and adjustment remain possible at any time.
“With the integration of RED II EN 18031-1, we’re providing our customers another powerful tool to proactively and efficiently meet the growing demands of regulations through automation,” emphasized Jan Wendenburg, highlighting ONEKEY’s commitment to innovation leadership.
Background on RED II EN 18031
The Radio Equipment Directive (RED) 2014/53/EU of the European Union is a key regulatory framework for connected devices, systems, and machines, as it defines essential requirements for radio equipment sold in the EU market. With the growing number of industrial machines, sensors, actuators, and other digital products being connected via wireless communication (Internet of Things, IoT, Industry 4.0), these products now fall under the scope of the updated RED II EN 18031, or Delegated Regulation (EU) 2022/30, which was introduced in 2022.
The directive is intended to ensure that these devices provide electromagnetic compatibility and appropriate cybersecurity to prevent interference in radio communications. It requires manufacturers to ensure that any product using radio technologies complies with the essential requirements of the directive before being placed on the European market. This applies not only to traditional communication devices but increasingly to industrial products that integrate radio modules for use in smart factories, logistics, or the control of autonomous machinery.
These requirements for cybersecurity and electromagnetic compatibility are particularly critical in industrial environments, where malfunctions or cyberattacks on connected systems could have far-reaching consequences.
Further information about the ONEKEY Compliance Wizard is available at: https://onekey.com/compliance-wizard/
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes - without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. "Digital Cyber Twins" enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the EU Cyber Resilience Act (CRA) and requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform (OCP) and ONEKEY Cybersecurity Experts.
Further information: ONEKEY GmbH, Sara Fortmann, Email: sara.fortmann@onekey.com, Kaiserswerther Straße 45, 40477 Düsseldorf, Germany, Web: www.onekey.com PR Agency: euromarcom public relations GmbH, Mühlhohle 2, 65205 Wiesbaden, Germany, Email: team@euromarcom.de, Web: www.euromarcom.de
- - - -