As the world becomes increasingly connected, cybersecurity and privacy protections have taken centre stage in regulatory frameworks. The European Union’s Radio Equipment Directive (RED), particularly its Article 3.3, is at the forefront of ensuring that wireless devices sold within the EU market meet stringent cybersecurity requirements. The recent updates to the RED regulations, specifically the 2022/30/EU delegated regulation, and the introduction of the EN 18031: 2024 Common security requirements for radio equipment set of standards, highlight the critical need for secure data storage, resilient software updates, and robust access control mechanisms.
Winbond's cutting-edge W77Q and W77T Secure Flash memory solutions have been designed to meet these exacting standards, offering a robust, easy-to-integrate solution for manufacturers seeking to achieve compliance with RED cybersecurity requirements. The EN 18031 standards outline key requirements, and Winbond’s secure memory products are specifically engineered to support these regulations, providing essential features like secure storage, encrypted software updates, and resilience mechanisms.
The Radio Equipment Directive (RED) and EN 18031 Common Security Requirements for Radio Equipment set of Standards
The European Commission’s Radio Equipment Directive (RED) 2014/53/EU establishes the legal framework for placing radio equipment on the EU market. As of January 2022, delegated regulation 2022/30/EU mandates compliance with Article 3.3, covering three critical areas: data protection, fraud prevention, and emergency services access. From August 2025, any non-compliant device will face potential market exclusion.
The EN 18031: 2024 standards are crucial for ensuring compliance with these new security measures. This includes the protection of personal data, prevention of cyberattacks, and the capacity to securely update software—an essential factor in maintaining device security over time.
Key Security Enhancements Under EN 18031
The EN 18031 standards address several critical areas to ensure comprehensive security throughout the lifecycle of connected devices:
- Access Control: Devices are required to have mechanisms in place to prevent unauthorised access to security and network assets. This includes the use of remote and local authentication to protect sensitive data.
- Secure Software Updates: A key requirement is the capability to deploy secure software updates that address vulnerabilities and maintain regulatory compliance. This includes ensuring that updates are encrypted, authenticated, and protected against rollback, with support for post-quantum cryptography (PQC), such as the Leighton-Micali Signature (LMS) scheme, which meets NSA CNSA 2.0 standards.
- Secure Storage and Communication: The standards emphasise the importance of robust cryptographic key management and secure storage for safeguarding sensitive data. Compliance requires secure storage systems that adhere to certifications like Common Criteria (CC) and SESIP.
Winbond W77Q and W77T: The Future of Secure Flash
The W77Q and W77T families of secure flash memory devices from Winbond are tailored to meet the demands of the EN 18031 standards, providing manufacturers with a powerful, drop-in replacement for existing SPI NOR flash solutions. These devices are particularly beneficial for IoT platforms, automotive systems, and industrial applications, where cybersecurity is paramount.
Key Features of Winbond’s Secure Flash Products:
- Post-Quantum Cryptography (PQC): As cybersecurity evolves, so too must cryptographic techniques. Winbond’s W77Q series is ahead of the curve, supporting PQC algorithms that protect devices from future quantum computing threats.
- Secure Over-the-Air (OTA) Updates: Both the W77Q and W77T families support secure OTA firmware updates, a crucial feature for maintaining device security post-deployment.
- Resilience Mechanisms: Winbond’s devices meet NIST SP 800-193 requirements for platform resilience, ensuring that systems can automatically recover from attacks or adverse conditions.
- Automotive Certifications: The W77T series is designed for high-speed data transfer with Octal SPI and meets automotive standards such as ISO 21434 and ISO 26262, making it ideal for automotive cybersecurity applications.
As cybersecurity regulations change, it’s important for manufacturers to future-proof their products. Winbond’s secure flash solutions not only comply with current EN 18031 requirements but are also designed to meet future mandates, such as ETSI EN 303 645, NIST IR 8259A, NIST IR 8425, IEC 62443 and CNSA 2.0, which becomes mandatory in 2025.
By incorporating these memory solutions into their designs, manufacturers can ensure compliance with the EU’s CE marking requirements and avoid penalties, market exclusion, or damage to their reputation. Winbond’s certified supply chain and security certifications (Common Criteria, SESIP Certified Secure Storage, FIPS 140-3) provide further assurance of their commitment to robust, secure product development.
Trust in Winbond for RED Compliance
Winbond’s W77Q and W77T secure flash devices offer manufacturers a simple, effective path to compliance with the latest cybersecurity standards under the Radio Equipment Directive. With features like secure storage, authenticated software updates, cryptographic key management, and resilience mechanisms, Winbond products help manufacturers meet the EN 18031 requirements, reduce cybersecurity risks, and ensure long-term device integrity.
As the August 2025 deadline for mandatory compliance with RED cybersecurity regulations approaches, manufacturers must act now to secure their products and their place in the European market. Winbond’s secure flash memory is the solution to ensure your devices meet—and exceed—today’s rigorous security standards.
For more information on how Winbond’s secure flash products can help your company achieve RED compliance, contact us at TrustME@winbond.com or visit Winbond Technical Support.