The RED Directive and Cybersecurity: Analysis and Application of EN 18031 Standards for European Compliance
SANGUINETTI, FEDERICO
2025/2026
Abstract
In the contemporary era of digitalization, the proliferation of connected devices has significantly expanded the attack surface, increasing potential cybersecurity risks. This thesis investigates the compliance of automotive diagnostic products with the European Radio Equipment Directive (RED 2014/53/EU) and the EN 18031 series of cybersecurity standards, focusing on TEXA S.p.A.'s Vehicle Communication Interfaces (VCI), specifically the NAVIGATOR TXT MULTIHUB 2. The research combines theoretical and practical approaches, beginning with an analysis of the regulatory landscape and the harmonization of the EN 18031 standard under RED. A detailed case study demonstrates the application of Threat Analysis and Risk Assessment (TARA) to identify assets, evaluate threat scenarios, assess potential impacts, and determine appropriate risk treatment strategies. The study emphasizes the importance of securing network, privacy, and financial assets through mechanisms such as access control, authentication, secure updates, and cryptography. To improve efficiency and accuracy in compliance verification, the thesis explores the automation of assessment processes through Agentic Retrieval-Augmented Generation (RAG) and Agentic Document Workflows (ADW), proposing a framework that integrates structured knowledge bases, guideline matching, and automated compliance reporting. The results highlight both the benefits and challenges of harmonized standards and automated compliance in ensuring the cybersecurity of connected automotive devices. This work contributes to the field by providing a structured methodology for evaluating product conformity, addressing emerging cybersecurity threats, and offering a scalable approach to automating compliance processes in accordance with European regulations.

| File | Size | Format |
|---|---|---|
| Sanguinetti_Federico.pdf (Restricted access) | 3.98 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/108085