EN 18031 is 600+ pages across three parts: EN 18031-1 (network protection, Art. 3(3)(d)), EN 18031-2 (personal data, Art. 3(3)(e)) and EN 18031-3 (fraud, Art. 3(3)(f)). You have evaluated your product against the applicable categories: access control, authentication, password management, secure communications, software integrity, secure updates, vulnerability management, event logging. The problem is not understanding the requirements — it is converting your assessment into a formal documentation package that satisfies Art. 21 and Annex V of Directive 2014/53/EU. A consultancy charges €5,000–20,000 to do exactly that. REDCheck does it in 30 minutes for €99: guided requirement-by-requirement input mapped to the EN 18031 categories, structured output in 5 PDF documents. Your knowledge, our structure.
€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser
EN 18031 defines the HOW. Directive 2014/53/EU defines the WHAT. REDCheck bridges the gap: your EN 18031 assessment becomes formal technical documentation under Art. 21.
The generator walks you through the EN 18031 categories requirement by requirement. Your answers are structured into the formal documentation package.
Applying EN 18031 is a technical achievement. Documenting that application is a legal requirement. Art. 21 of Directive 2014/53/EU requires the manufacturer to draw up technical documentation that contains 'all relevant data or details of the means used to ensure compliance.' Applying EN 18031 without documenting how you applied it is like passing an exam without handing in the paper.
An internal spreadsheet may contain the right data, but Art. 21 and Annex V require a specific structure: general product description (Annex V(a)), design drawings (V(b)), list of harmonised standards applied (V(d)), results of examinations (V(g)), test reports (V(h)). A spreadsheet that covers EN 18031 categories but does not follow the Annex V structure is incomplete technical documentation. Market surveillance authorities review against Annex V, not against your internal format.
EN 18031 is a harmonised standard that SUPPORTS conformity with the essential requirements. The legal obligation comes from the Directive. Your documentation must reference both: the Directive articles (Art. 3(3)(d), (e), (f)) AND the EN 18031 parts applied. Art. 16 grants presumption of conformity only when the harmonised standards are applied AND their references have been published in the OJEU. The documentation must make this chain explicit.
5 PDF documents structured by EN 18031 categories. Doc 2 (Cybersecurity Technical Documentation) maps your implementation status to ASM, AUM, CRM, SCM, SIM, SUM, VLM, ELM, PDM categories.
Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.
Art. 21 + Annex V. Requirement-by-requirement documentation.
Arts. 3(3)(d) and (e). Structured risk table.
Art. 18 + Annex VI.
Art. 10(9) + Annex VII.
Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.
Generated from your data, in your browser. No product data leaves your computer.
5 PDF documents. 30 min. €99 per product. Maps your EN 18031 assessment to the Annex V structure. This is what Art. 21 requires BEFORE your product can bear CE marking — regardless of conformity route.
If you fully apply EN 18031, Art. 16 grants presumption of conformity → Module A self-declaration (Annex II) without Notified Body. If partially applied or not applied: Art. 17(4) requires Module B+C (Annex III) or Module H (Annex IV) with Notified Body. REDCheck generates the Layer 1 documentation that is a prerequisite for EITHER route.
We do not assess your product. We do not interpret EN 18031. We structure the documentation that Art. 21 requires based on YOUR assessment of YOUR product.
Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.
Art. 40 of Directive 2014/53/EU. Market surveillance authorities can require withdrawal across all 27 Member States.
Administrative fines under §19. Up to 1 year of imprisonment for serious offences under §20.
If you submit to a Notified Body without complete technical documentation under Annex V, the body will return your file incomplete. Art. 34(3): a Notified Body shall not issue a certificate if essential requirements have not been met. Incomplete documentation delays the process and costs money. Layer 1 first, then Layer 2.
| Alternative | Cost | What you get |
|---|---|---|
| Notified Body (full service) | €5,000–20,000 per model | Assessment + documentation. 2–6 months. Overkill if you already know EN 18031. |
| EU cybersecurity consultancy | €3,000–15,000 per model | Custom report. Weeks. Their format, not necessarily Annex V structure. |
| Structure documentation yourself | €0 (your time) | Annex V has 9 elements. EN 18031 has 600+ pages. No template. |
| REDCheck | €99 | Your EN 18031 assessment → 5 structured PDFs in 30 min |
If you document 10 or more product models, the Professional Pack saves 85%: €999 for 70 generations with a single license key. One generation per product model. Switch between products freely.
Request volume pricingREDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.
We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Five PDF documents. EN 18031 categories mapped to Art. 21 and Annex V. Your implementation status structured requirement by requirement. Your product data never leaves your browser.