Skip to main content
You are currently viewing: Global
All markets
Global
Austria
Belgium FR
Belgium NL
Czech Republic
Denmark
Finland
France
Germany
Hungary
India
Ireland
Italy
Netherlands
Poland
Romania
Singapore
Spain
Sweden
Turkey
UAE
United Kingdom

Keeping Your Ventilation System Secure: How ISYteq 4.0 Adapts to EN 18031

Theme
System personalisation
Reading time
13 minutes
Published
By
Johan Bjärklev

Digital security might not be the first thing you think about when discussing an air handling unit. Traditionally, ventilation has been viewed as mechanical equipment - fans, filters, dampers, and ducts. But today’s HVAC systems are far more advanced. They include powerful control systems, web interfaces, remote service functionality, and cloud connectivity.

As buildings become smarter and more connected, even a ventilation unit can become a cyber target - making Europe’s strengthened EN 18031 standard essential.

FläktGroup’s updated ISYteq 4.0 safeguards your system while preserving the full benefits of our digital services.

Key insights at a glance

As buildings become increasingly digital, even ventilation systems must meet modern cybersecurity standards. FläktGroup’s update to ISYteq 4.0 ensures stronger protection, full compliance with EN 18031, and continued access to valuable cloudbased services.

  • Cybersecurity is now essential for HVAC systems - As connectivity increases, AHUs can become network entry points for automated cyberattacks—making secure control systems crucial. 
  • EN 18031 sets clear security rules for AHU manufacturers - The standard defines how authentication, network communication, password handling, and remote access must be protected across all EUconnected ventilation equipment. 
  • ISYteq 4.0 has been upgraded for full compliance - FläktGroup redesigned both firmware and application software to restore secure 4G modem functionality while meeting every requirement of EN 18031. 
  • Major enhancements strengthen digital protection - Improvements include HTTPS-only communication, removal of insecure channels (email/SMS alarms, WiFi), enforced strong passwords, encrypted password storage, and bruteforce attack prevention. 
  • Security does not replace convenience - Despite tighter rules, users still benefit from digital services such as CAREconnect and Cloud for ISYteq—offering remote monitoring, alarms, and full HMI access via web browser. 
  • Futureproofing through proactive compliance - With EU legislation evolving quickly, FläktGroup’s updates ensure installations remain secure, aligned with new standards, and prepared for future regulatory changes. 

With the increasing connectivity of modern building, even something as “ordinary” as a ventilation unit can become a potential target for cyberattacks. And this is exactly why Europe is now strengthening legislation and standards to protect digital assets.

One of these standards, EN 18031, applies to all air handling unit manufacturers in the EU who offer internet-connected control systems including radio equipment. At FläktGroup, we have proactively updated our ISYteq 4.0 control system to meet these requirements while making sure customers can still benefit from our digital services such as CAREconnect and Cloud for ISYteq.

Below we explain what this change means, why it matters, and how it protects you. 

Why this matters: The growing cyber risk in building systems 

Before looking at standards, compliance, or updated control systems, it’s important to understand why ventilation equipment is now a legitimate cybersecurity concern. Modern buildings have evolved into complex digital ecosystems, where even a single weak point can be exploited: 

  • Interconnect building technologies – HVAC, lighting, access control, security systems and energy management all share network infrastructure 
  • Growing online connectivity – Remote access, cloud platforms and web-based HMIs create new digital entry points 
  • Automated cyberattacks – These attackers use scanning tools to identify unsecured devices, regardless of industry or size 

This shift into a digital age means even the humble air handling, who was once considered purely mechanical, can now become a cyber target. That’s why standards like EN 18031 are emerging and why updates such as FläktGroup’s improvements to ISYteq 4.0 are essential.  

Why Cybersecurity Matters – Even for an Air Handling Unit

You may wonder: Why would anyone attack a ventilation system? 

There are several reasons:

1. Buildings are becoming digital ecosystems 

Modern buildings rely on interconnected systems - heating, cooling, ventilation, access control, lighting, and more. If an attacker gains access to one weak point, they may reach the rest of the network. 

2. Ventilation systems are online 

Features like remote monitoring, alarms, and cloud access make life easier for building owners. But they also create potential entry points for unauthorized access if not properly secured. 

3. Attacks are no longer personal - they’re automated 

Cyberattacks today are often carried out by automated tools scanning the internet for vulnerable devices. An air handling unit left unprotected may be used as: 

  • A “stepping stone” to reach other systems 
  • A platform to launch attacks on other networks 
  • A target for manipulation that could interrupt building operation 

4. EU legislation is tightening fast 

In recent years, Europe has introduced several initiatives to protect digital systems—especially in critical infrastructure and commercial buildings. We can already see these rules affecting manufacturers across the industry, and more updates are expected in the coming years.


This is why EN 18031 exists. And this is why FläktGroup has acted quickly to ensure ISYteq 4.0 complies without compromising the services our customers rely on. 

What Is EN 18031?

EN 18031 is a relatively new European cybersecurity standard that applies to air handling units and their control systems. It defines how systems must handle:

  • User authentication 
  • Network communication 
  • Stored passwords 
  • Remote connectivity 
  • Configuration and commissioning 

All manufacturers must follow these rules. The goal is to ensure that ventilation equipment across Europe cannot be used by criminals as weak links in a building’s digital environment.

At FläktGroup, we support this direction. Better protection benefits everyone - installers, service teams, building owners, and the occupants inside.

How FläktGroup Ensures Both Security and Convenience

When EN 18031 came into effect, our first priority was to remain compliant. This initially meant temporarily blocking the built-in 4G modem in ISYteq 4.0.

However, we knew our customers would benefit from our wireless digital services such as:

  • CAREconnect - Designed to harness real-time data, predictive insights and intelligent resource optimisation, CAREconnect delivers a smarter, more efficient, proactive approach to servicing.
  • Cloud connectivity - Cloud for ISYteq provides users with a quick and easy overview of all their connected air handling units. Alarm notifications enable users to respond quickly and efficiently in the event of a failure. They also have full access to the HMI display from any web browser with an internet connection.

So we set out to redesign the firmware and application software so the modem could be safely activated again - while fully meeting the requirements of EN 18031.

The result is a new ISYteq 4.0 software release that enhances security, protects customer data, and restores the full functionality of our digital services. 
 
Key Improvements in the New ISYteq 4.0 Release

Here are the most important changes introduced to meet EN 18031.

Secure web communication (HTTPS): We have upgraded the internal web server from HTTP to HTTPS, ensuring encrypted communication between the user and the control system.

Removal of unsecure communication channels: To eliminate risk, we removed: 

  • Email alarm notifications
  • SMS alarm notifications
  • WiFi functionality in the HMI

Since these features relied on technologies that cannot meet EN 18031 security requirements.

Completely redesigned login and password handling

This is the biggest visible change for users. When a new system is powered up, you will now:

  1. Log in as SystemAdmin 
  2. Be forced to set a new secure password 
  3. Create normal user accounts 
  4. Optionally require users to change their password at first login 

Only after this setup can commissioning begin. 

Strong password rules

Passwords must include:

  • Minimum 8 characters
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • At least 1 special character

Protection against brute force attacks

If the wrong password is entered multiple times, the system imposes increasing delays between attempts. This prevents attackers from “guessing” their way in.

Encrypted password storage 

Passwords stored in ISYteq 4.0 are irreversibly encrypted. 

If a password is lost, it cannot be retrieved, only reset. 

FläktGroup Service can restore the system to factory settings if needed (additional service cost may apply).

What This Means for You

  • Greater protection for your building - Your digital assets are better protected from unauthorized access, manipulation, and cyber threats.
  • Compliance with EU standards - Your installation is aligned with current European security requirements.
  • Secure access without complexity - You still get the convenience of remote access, cloud services, and support—now with significantly enhanced security.
  • Futureproof investment - As regulations continue to evolve, FläktGroup is committed to keeping your systems compliant and protected. 

FläktGroup’s Commitment to HVAC System Security

At FläktGroup, we care about protecting our customers’ systems, both mechanically and digitally. Our goal is to make advanced functionality available without exposing users to unnecessary risk.

The enhanced ISYteq 4.0 software release is just the beginning. As European legislation continues to evolve, we will stay ahead to ensure your ventilation systems remain safe, compliant, and easy to use. 

Related Videos

Watch our Webinar: Why Cyber Security Matters for HVAC (EN 18031)

In this webinar, Johan Bjärklev, part of the Commercial AHU Controls team at FläktGroup, walks us through how ISYteq 4.0 AHU controls align with EN 18031 and the upgrades made to enhance security for customers.

As buildings become smarter and more connected, even a ventilation unit can become a cyber target - making Europe’s strengthened EN 18031 standard essential.

FläktGroup’s updated ISYteq 4.0 safeguards your system while preserving the full benefits of our digital services.

Watch our Guide: How to Log In to ISYteq 4.0 AHU Controls

In this video we demonstrate how to log in to ISYteq 4.0 for the first time.

ISYteq 4.0 is designed to deliver unparalleled efficiency and control for FläktGroup's Air Handling Units (AHUs). With advanced algorithms, simple navigation, and full connectivity, it sets a new standard for building automation. 

Without a modern purpose-built factory fitted control system, air handling systems often suffer from inefficient energy use, inconsistent indoor climate, and a lack of seasonal adaptability. This can lead to higher operating costs, uncomfortable conditions for occupants, and increased wear on components due to suboptimal operation.

Now you can experience it firsthand through our interactive demo.

Try the Demo

Deep Dive: Technical Background

This section is intended for readers who want more detail on why these changes were necessary and how they work.

Why older login systems fail EN 18031

Traditionally, most manufacturers used fixed 4digit PIN codes for different access levels. 

But EN 18031 bans this because: 

  • Short PINs are easy to guess 
  • They may be shared or reused across units 
  • They offer no protection against automated attacks 

ISYteq 4.0 now uses full password-based authentication with secure storage.

Why we removed email/SMS notification features

Under the updated European cybersecurity framework, particularly EN 18031‑2, systems that process or transmit personal data, traffic data, or location data must follow strict protection requirements. Alarm notifications sent by e‑mail or SMS fall into this category because they may include information that can be connected to a specific person, site, or asset.

Traditional e‑mail and SMS channels do not provide encrypted, end‑to‑end secure transmission and therefore cannot meet the protection level required for equipment that handles such data.

To ensure full compliance with EN 18031‑2 and to prevent any risk of personal or system‑related data being exposed, we have removed both e‑mail and SMS alarm functions from ISYteq 4.0. 

However, our Cloud for ISYteq cloud service still allows you to receive alarm notifications via email and SMS. 
 
Why WiFi was removed

Local WiFi hotspots embedded in equipment are frequent targets for attackers. Wired and mobile network connections provide stronger and more controllable security.

Why password recovery is not possible 

Passwords are stored using oneway cryptographic hashing. 

This means they cannot be decrypted, only replaced. 

This is a requirement in cybersecurity standards across industries. 

How to handle your passwords 

For maximum security: 

  • Use unique passwords for each unit 
  • Never send passwords through unencrypted channels like SMS or standard email 
  • Store them securely in a password manager or controlled documentation system 

This prevents unauthorized access and keeps you aligned with best practice.