The new reality for connected charging points.
Today, charging infrastructure is more than just technology for refueling with electricity. It is part of a digital ecosystem with wireless modules, backend communication, user identification, and payment processing. This also drastically increases the requirements for its cybersecurity. And legislation is following suit.
Since August 1, 2025, the Delegated Regulation to the RED Directive (EU 2022/30) has been binding. It obliges manufacturers of radio equipment – including charging points with RFID, Wi-Fi, or cellular communication – to comply with strict security requirements. Technical implementation is carried out via the harmonized standards EN 18031-1, -2, and -3, which define requirements for network resilience, data protection, and fraud protection. Only those who fully implement these standards can claim “presumption of conformity.” This is a decisive advantage for CE marking.
But the RED is only the beginning: on December 10, 2024, the Cyber Resilience Act (CRA) came into force. The first reporting requirements for security incidents will apply from September 11, 2026, with full compliance required from December 11, 2027.
The CRA significantly expands the scope of application: it affects all products with digital elements, regardless of whether they contain wireless modules. The aim is to create uniform cybersecurity requirements throughout the entire product lifecycle: from development and maintenance to vulnerability reporting.
Why both laws are important and how they are related
The RED Delegated Regulation and the CRA pursue the same goal: greater cybersecurity for digital products. While the RED focuses on radio equipment, the CRA is much broader in scope. According to ENISA and CENELEC, the EN 18031 standards developed for the RED also serve as the technical basis for CRA compliance.
This means that anyone who develops RED-compliant products today will be prepared for the Cyber Resilience Act tomorrow.
CHARX control modular: The answer to regulatory and technical challenges
With a specialized development team, Phoenix Contact is constantly working to keep the software for the AC charging controller CHARX control modular up to date and improve it. This ensures that CHARX control modular always meets the latest security requirements and closes security gaps reliably and promptly. In addition, the charging controller meets the requirements of the RED directive and is prepared for the requirements of the Cyber Resilience Act.
The following features ensure security at all required levels:
- Access control: Role-based access control (RBAC), password protection, mandatory password change, brute force protection
- Communication: TLS 1.2/1.3, SSH, OCPP Security Profile 2 – with replay, integrity, and confidentiality protection
- Update security: RSA-PSS signatures with SHA-512, time-controlled updates, protection of ongoing charging processes
- Data protection: Protected flash memory, firewall rules, input validation
Take advantage of our expertise and secure your market position
Full implementation of the EN 18031 standards enables Phoenix Contact to presume conformity with the RED Directive – a decisive advantage for CE marking and market approval. But this is more than just a regulatory hurdle:
With CHARX control modular, manufacturers and operators benefit from a solution that is not only technically mature, but also strategically well thought out. It is based on the latest security standards, already meets key CRA requirements, and offers:
- Legal certainty for operators and OEMs,
- Trust among customers and authorities,
- Future-proofing through documented compliance and continuous vulnerability assessment.
Take advantage of our expertise to make your charging infrastructure not only secure, but also competitive and future-proof.
With CHARX control modular, you are investing in a solution that strengthens your market position and makes your products fit for future requirements.
Conclusion: Act today to be secure tomorrow
The requirements for charging infrastructure are increasing, both technically and regulatory. With CHARX control modular, Phoenix Contact offers a solution that combines safety, compliance, and future-proofing.
Safe today. Resilient for tomorrow.
FAQ
Häufig gestellte Fragen
Why is cybersecurity so important for AC charging infrastructure?
With the increasing digitalization of charging points, including wireless modules, backend communication, and payment processing, cybersecurity requirements are also increasing. Only through consistent security measures can operators and manufacturers protect their systems from attacks and comply with legal requirements.
What exactly do the RED Directive and the Cyber Resilience Act (CRA) require?
The RED Directive (EU 2022/30) requires manufacturers of radio equipment to comply with strict security requirements, such as network resilience and data protection, from August 2025. The CRA extends these requirements to all products with digital elements from December 2027 and demands cybersecurity throughout the entire product lifecycle.
How does CHARX control modular support compliance with RED and CRA?
CHARX control modular from Phoenix Contact already meets the requirements of the RED Directive and is prepared for the CRA. The system offers modern safety functions such as role-based access control, encrypted communication, and regular software updates to make charging infrastructure secure, compliant, and future-proof.
Discover suitable products now
Here you will find a selection of relevant products – based on the topics and recommendations from our blog post.
