In October 2021, the European Commission approved a delegated act to the Radio Equipment Directive (RED) that made puts cybersecurity requirements on all internet-connected radio equipment from 1 August 2025.
The requirements will apply to most EV charging stations, as they use wireless communications and can be connected to the internet. Even if a CPO would normally use a segregated telecom network not connected to the internet, the requirements would probably still apply, because the charging station can be connected to the internet by changing networks.
Most charging station manufacturers will probably comply with the cybersecurity requirements by implementing the harmonized standard under development for the RED delegated act, called EN 18031. Manufacturers can comply directly with the delegated act without implementing the standard. But then they must show compliance using a stricter conformity assessment. There is limited capacity at notified bodies to perform such assessments.
To understand what manufacturers will have to do to comply with the harmonized standard, we have compared the EN 18031 standard to the EV-311 requirements that we have developed for EV charging stations (EV-311 Security requirements from IEC 62443 for procuring EV charging stations, version 2024v0.4).
