QIMA launches Cyberexpert, an AI-assisted compliance readiness platform that helps IoT manufacturers scope RED cybersecurity requirements, map EN 18031 evidence needs, and prepare for expert review or testing through CCLab – with a free scoping tier for small and mid-sized manufacturers.

QIMA, a global leader in testing, inspection, and certification, today launched Cyberexpert (cyberexpert.qima.com), a compliance readiness platform for manufacturers of internet-connected radio products preparing for the EU Radio Equipment Directive (RED) cybersecurity requirements and the harmonized standard EN 18031. The platform helps manufacturers understand which requirements apply to their product, structure a risk assessment, prepare evidence and documentation, and identify where expert review or testing is needed — early, while design decisions are still open.

RED cybersecurity requirements became mandatory on 1 August 2025, enforced through the multi-part harmonized standard covering network protection, personal data and privacy, and fraud prevention. Nine months on, based on its cybersecurity assessment experience, QIMA estimates that only 5 to 10 percent of connected radio products currently on the EU market would be ready to demonstrate EN 18031 alignment if challenged. The rest face open questions over technical documentation, evidence, and continued market access if a surveillance authority comes calling.

The gap is rarely about unwillingness. Most manufacturers want to comply but cannot tell what applies to their product, how to structure evidence, or how much is enough. The most common — and most expensive — error QIMA's cybersecurity engineers see is a team deciding their product is out of scope when it is not, often because they assume a pre-certified radio module covers the whole product.

A readiness layer between spreadsheets and lab cycles

Most manufacturers prepare for RED with a mix of consultants, internal spreadsheets, and ad-hoc lab engagements — slow, costly, and prone to scope gaps. Cyberexpert sits before testing and certification, giving regulatory, product security, R&D, and QA teams a shared workspace to scope what applies, run a structured self-assessment, and prepare technical documentation early, while design decisions can still be changed.

The platform's AI product security assistant is built on CCLab's proprietary cybersecurity assessment data rather than a general-purpose model working from the published standard alone, so its guidance reflects how a connected product is evaluated against EN 18031.

Cyberexpert is available in a free tier and a Professional plan, with pricing and full feature details here.

For decades, getting ready for a new EU regulation meant calling a consultant or a lab. EN 18031 is too complex, too new, and affects too many products for that to scale. We built Cyberexpert because the work that has to happen, knowing what applies, mapping requirements to the product, preparing evidence, should happen early and inside the manufacturer's own team, with the right structure. Lab testing and expert review still matter, and they are built into the workflow when teams need them. But preparation should not be locked behind a consulting day rate." — Jonatan Bodo, Information Security Expert, CCLab (a QIMA company)

An integrated path from readiness to testing

What separates Cyberexpert from standalone compliance tools is its connection to QIMA's testing, and inspection footprint. Teams can move from scoping in the platform, to expert review by CCLab cybersecurity engineers, and when needed into a coordinated testing pathway at CCLab. The evidence prepared in Cyberexpert is structured to support the documentation needed later in that process. Responsibility for compliance, and for any Declaration of Conformity, remains with the manufacturer.

CCLab, a QIMA company since 2022, brings cybersecurity testing and evaluation experience across IoT, industrial, and consumer connected products to the platform's expert-review and testing pathway.

“The teams we work with are not blocked by intent. They are blocked by interpretation. EN 18031 is dense, and the most common late-stage problem we see is scope drift: a team assuming a certified radio module covers the full product, or treating documentation as something to produce after testing rather than alongside design. Cyberexpert front-loads that work in a structured way, so by the time a product reaches the lab the evidence is in place and the iteration cycles are shorter." — Ferenc Molnar, CEO, CCLab (a QIMA company)

Built for RED today, designed with the Cyber Resilience Act in view

The EN 18031 series is widely expected to inform the harmonized standards under development for the EU Cyber Resilience Act (CRA), whose reporting obligations apply from 11 September 2026 and whose main obligations apply from 11 December 2027. Manufacturers doing RED cybersecurity work now are building part of the structure they will also need for the CRA, particularly around evidence, product security, vulnerability management, and technical documentation, although RED compliance does not by itself establish CRA compliance. CRA-specific capabilities in Cyberexpert, including vulnerability management workflows, are planned as part of the platform’s roadmap.

Availability

Cyberexpert is available now at cyberexpert.qima.com. Manufacturers can begin a free scoping assessment with no sales contact required and can upgrade to the Professional plan or request a demo. QIMA will host a webinar on 23 June 2026 at 10:00 CET, walking manufacturers through EN 18031 scoping and readiness; registration details are available here.

Responsibility for compliance with RED and EN 18031 remains with the manufacturer. Cyberexpert provides readiness, self-assessment, and documentation support, and does not constitute legal advice or certification.

---

About QIMA

At QIMA, we are on a mission to help our clients make products consumers can trust. We have developed compliance solutions for testing, inspection and certification (TIC) that enable supply chain agility, sustainability, and product innovation. Our services are used by 30,000 businesses globally in the consumer products, agri-food and life sciences industries. What truly sets us apart is our unique culture of relentless care for our clients, and a commitment to offering intuitive solutions that blend deep tech and human intelligence; this is how QIMA continues to disrupt the Testing, Inspection and Certification industry.

About CCLab

CCLab is a cybersecurity laboratory and a QIMA company. It provides accredited cybersecurity testing and evaluation services for IoT, industrial, and consumer connected products, including under the EU Radio Equipment Directive, ETSI EN 303 645, and IEC 62443, and works with manufacturers preparing for the EU Cyber Resilience Act. Learn more at cclab.com.

Media Contact

Stephanie Li

Senior Marketing & Communication Manager stephanie.li@qima.com