Radio equipment directive 2014/53/EU sets essential requirements for wireless products. Rules regarding the cybersecurity of certain wireless products have been detailed in (EU) 2022/30. After the publication of Decision (EU) 2025/138 there are now three harmonised standards available that provide a presumption of conformity with the essential requirements set out in Articles 3(3)(d), (e) and (f).
The harmonisation of these standards does come with restrictions, because in some cases the standards allow freedom that conflicts with the essential requirements. For instance, clauses 6.2.5.1 and 6.2.5.2 of standard EN 18031-1:2024 allow users not to set and use a password, this introduces an unacceptable (cyber)security risk. Other restrictions concern parental or guardian control, secure update mechanisms and some informative (not normative) parts in the standards.
For more details on standards and legislation refer to the article on cybersecurity in ProductIPedia.