From 1 August 2025, the EU will enforce new cybersecurity requirements for a wide range of connected equipment, including devices used in lift communication systems.
That includes lift telephones, GSM gateways, and cloud-based lift monitoring platforms.
The RED (Radio Equipment Directive) Delegated Act on cybersecurity (Regulation EU 2022/30) aims to strengthen the security of internet-connected radio products sold in the EU by introducing three additional requirements. These updates are designed to protect networks, safeguard personal data, and reduce the risk of fraud.
It marks a fundamental shift in how connected emergency lift devices, like telephones, GSM gateways, and lift monitoring platforms, must be designed, installed, and secured.
At AVIRE, we’ve taken proactive steps to align with the new cybersecurity requirements outlined in EN 18031. So, you can trust that our solutions are fully prepared.
What Is the RED Directive?
The Delegated Act expands the existing Radio Equipment Directive to cover cybersecurity for connected products sold in the EU, including those that connect indirectly via another device.
If you install emergency lift telephones, GSM or 4G gateways, or use a monitoring platform like the AVIRE HUB, these rules apply to you.
These changes are about protecting people, buildings, and networks, ensuring only secure, trustworthy devices are allowed online.
If digital products don’t comply?
They could be blocked from connecting to the internet, fail compliance checks on site, or put your customers lifts and your business at risk.
What’s Changing?
Three new rules will apply to products that connect to the internet, even indirectly via another device.
- EN 18031‑1:2024 – Network protection
- EN 18031‑2:2024 – Privacy & personal data
- EN 18031‑3:2024 – Fraud protection
Note: Not all three rules apply to every product. Devices are covered based on how they connect and the type of data they process.
How AVIRE Meets the Requirements
To comply with the RED Directive and EN 18031-1 standards, AVIRE has made targeted updates across our product range. Here’s what the regulation requires, and how we’ve responded:
EN 18031‑1:2024 – Network Protection
Devices must not misuse or disrupt the networks they connect to. That includes blocking risky behaviour like signal jamming, overloading, or communication failure.
Why it matters:
Reliable, uninterrupted emergency connections are essential, especially during a crisis.
What we’ve done:
✔ Our devices now ship with a unique PIN code (no generic/default PINs allowed).
✔ All products include a valid CA certificate to confirm they’re trusted and secure.
✔ We use TLS encryption to protect every network connection, including SIP/VoIP.
