IoT Device Compliance for CE

In today’s connected world, the Internet of Things (IoT) is no longer futuristic — it’s part of our everyday reality. From smart thermostats and wearable health monitors to industrial sensors and connected vehicles, IoT devices are everywhere. But while developing a new IoT product is exciting, one crucial challenge remains: compliance.

Compliance is not just a regulatory formality; it is the gateway to global markets. Without it, your product generally cannot be legally placed on the market in the relevant region. With it, your product gains legitimacy, safety validation, and customer trust.

Across the world, different compliance frameworks open the door to market access. In Europe, the CE mark is the most important for IoT devices, covering safety, electromagnetic compatibility, radio performance, and environmental responsibility. Understanding this framework is essential for anyone planning to place connected products on the European market, and practical examples and tools can make the path to compliance clearer.

The Global Overview

Every region has its own regulatory requirements. While the technical principles—safety, electromagnetic compatibility, and radio spectrum management—are similar, the approval bodies and procedures differ. Here are the most common ones IoT device manufacturers encounter:

• CE (European Union & EEA)
  Required for almost all electronic products in Europe. It covers health, safety, environmental, and radio performance standards. A CE mark allows free movement of goods across the entire European Economic Area.
• FCC (United States)
  Overseen by the Federal Communications Commission. The focus here is on radio frequency emissions and interference. IoT devices with Wi-Fi, Bluetooth, or cellular connectivity must be FCC certified before entering the U.S. market.
• UKCA (United Kingdom)
  After Brexit, the UK introduced the UKCA mark, which mirrors CE requirements but applies only in Great Britain. The UK Government has confirmed an extension to the recognition of the CE marking for construction products beyond the previously planned deadline of June 2025. This allows manufacturers to continue placing electronic products on the Great Britain market using the CE marking, rather than being limited to the UKCA marking.
• ISED / IC (Canada)
  Canada’s version of FCC approval, issued by Innovation, Science and Economic Development Canada. Very similar but with Canadian-specific spectrum allocations.
• Other Regional Approvals
  • Japan: MIC/TELEC certification for radio devices, such as IoT-enabled air conditioners or connected cameras.
  • Australia & New Zealand: RCM mark for EMC and radio compliance.
  • China: CCC and SRRC approvals.

In practice, many of the required tests—especially those for EMC, safety, and radio performance—are recognized internationally. Manufacturers can often reuse test results to speed up multi-market approval.

The next section focuses on the CE (European) conformity assessment process, explaining what is required and how to approach it. Other regions follow similar principles, but CE provides a clear and widely recognized example.

Why CE Marking Matters

For electronic devices in Europe, CE marking is not optional. It is a legal requirement. Without it, your product cannot be legally placed on the EU market, nor can it be advertised or distributed in member states.

But CE marking is more than legal compliance—it is a trust signal. It shows that a product has been tested for safety, will not interfere with other electronics, is environmentally responsible, and uses radio spectrum efficiently. For end-users, it means confidence; for manufacturers, it means market access.

For example, popular consumer devices like Fitbit wearables, Philips Hue smart lighting, and Bosch industrial IoT sensors all carry the CE mark to demonstrate compliance.

It is also important to note that some large platforms like Amazon explicitly require CE marking for products sold in the EU marketplace (Amazon Seller Central Policy). Without a CE mark and the proper Declaration of Conformity, Amazon will not allow sellers to list many categories of electronics. This shows that even if CE is officially a self-declaration system, there are multiple layers of verification in practice. Sellers may be asked by retailers, distributors, or customs authorities to provide their technical documentation and Declaration of Conformity.

Under EU law, CE marking is required for products that fall under one or more of the European “New Approach” directives or regulations. These cover a wide range of product categories, including:

• Electronics – consumer devices, IoT hardware, industrial electronics.
• Toys – both traditional and connected toys.
• Eyewear – protective and corrective lenses.
• Protective equipment – helmets, gloves, masks, and PPE.
• Machines – industrial and household machinery.
• Medical devices – from diagnostic equipment to wearables.

In the IoT and electronics space, this typically includes consumer gadgets, wireless-enabled devices, and industrial control systems.

CE Directives in IoT

Electronic devices fall under several EU directives. Some of the directives that may apply to your device are:

• Radio Equipment Directive (RED 2014/53/EU)

The Radio Equipment Directive (RED 2014/53/EU) is the key EU directive for IoT devices. It applies to any product that intentionally transmits or receives radio signals — such as Wi-Fi, Bluetooth, LTE, NB-IoT, LoRa, Zigbee and similar technologies.

Under Article 3(1) of RED, radio equipment must be constructed to ensure:

• • Protection of health and safety of persons, domestic animals, and property, including the objectives of the safety requirements set out in Directive 2014/35/EU (LVD), but with no voltage limit applying.
  • An adequate level of electromagnetic compatibility, as set out in Directive 2014/30/EU (EMC).
  • Efficient use of the radio spectrum so as to avoid harmful interference.

For example, a smartwatch with Bluetooth and Wi-Fi must be assessed under RED to demonstrate it meets these requirements — including safety, EMC, and radio performance — even though it does not separately need to comply with LVD or EMC Directives. RED already incorporates those essential requirements.

• EMC Directive (2014/30/EU)

The EMC Directive applies mainly to non-radio IoT (and other electronic) devices, since radio products are already covered under the RED. Non-radio IoT devices are those IoT components without built-in wireless transmitters or receivers, such as connected sensors, controllers, or gateways that use wired IoT protocols (for example RS-485/Modbus, KNX, DALI, Ethernet) to exchange data with a network or platform. It ensures that products do not generate excessive electromagnetic interference that could disturb other equipment, and that they themselves are resistant to interference from external sources. In practice, this means devices must be designed and tested for both emissions and immunity so they can operate reliably in real-world environments filled with other electronics.

• Low Voltage Directive (LVD 2014/35/EU)

The Low Voltage Directive (2014/35/EU) applies to mains-powered devices operating within 50–1000 V AC and 75–1500 V DC. It ensures electrical safety by requiring protection against fire hazards, electric shock, overheating and other dangerous conditions. Manufacturers must meet essential requirements for insulation, creepage distances, protective earthing and safe design of power supplies. Examples include non-radio or wired IoT products such as smart home gateways, building-automation hubs, industrial data loggers, wired smart meters and similar devices that connect directly to mains power (e.g. 230 V AC).

Products with built-in radio transmitters are regulated under the Radio Equipment Directive (RED), which already incorporates the Low Voltage Directive’s (2014/35/EU) health, safety and property protection objectives but without having voltage limits.

• RoHS Directive (2011/65/EU)

The RoHS Directive restricts hazardous substances like lead, mercury, and cadmium. Compliance with this directive is usually handled at the manufacturer level, since it involves materials sourcing, supply chain control, and documentation.

• Cybersecurity and Emerging Standards

Europe is moving toward mandatory cybersecurity requirements for connected devices. The Cyber Resilience Act, proposed in 2022, will set baseline security obligations such as secure default configurations, vulnerability management, and update policies. Standards like EN 303 645 for consumer IoT and IEC 62443 for industrial control systems are already guiding manufacturers.

This makes cybersecurity a shared responsibility: software engineers must implement secure coding, encryption, and update mechanisms, while manufacturers need processes for vulnerability disclosure and long-term support. Products such as connected door locks, smart baby monitors, and industrial IoT controllers are especially sensitive to these requirements. More on this topic will be covered in a separate blog.

A crucial point often causing confusion is the difference between directives and standards:

• • Directives (such as RED, EMC, LVD, RoHS) are legal institutions. They define what must be achieved (e.g., safety, EMC performance).
  • Standards (such as EN 301 489 for EMC, EN 300 328 for 2.4 GHz Wi-Fi/Bluetooth devices) are technical documents with requirements that can be used to demonstrate compliance with the above directives.

If you design, build and test your product in accordance with harmonised standards developed by European Standards Organisations (for example EN 300 328 for Wi-Fi/Bluetooth or EN 301 489 for EMC) and listed by the European Commission in the Official Journal of the EU, your device is presumed to comply with the essential requirements of the applicable directives and you can normally carry out self-assessment.

How to Detect Which Standards Apply to Your Product

Finding the right standards for your IoT device can feel overwhelming. Here are three practical ways to identify them:

• Ask a test lab or Notified Body – They can guide you toward the harmonized standards most relevant for your product type.
• Check existing product datasheets – Look at EU Declarations of Conformity of similar devices already on the market; these documents list the applied EN standards.
• Learn and research directly – The EU publishes lists of harmonized standards for each directive. For instance, you can search the EU Commission website to find up-to-date applicable standards.

At Byte Lab, we often support clients who get stuck in this exact step—unsure of which standards apply. Our consulting services help clarify the right standards early in the process, which makes certification much more predictable.

Steps to Certify Your IoT Device for CE

Certifying an IoT device may feel daunting, but it can be broken down into structured steps. Here are the general steps with a practical example.

General Steps

• Identify the applicable directives
  Determine which regulations apply—RED, EMC, LVD, RoHS, or a combination.
  • Example: Smart Thermostat → RED (for Wi-Fi, which already includes EMC and LVD (for radio devices), RoHS (materials).
• Choose your conformity assessment route
  • Self-certification (Module A): This is the simplest conformity assessment procedure under EU law. In Module A, the manufacturer takes full responsibility for demonstrating and declaring compliance. It is possible when your device complies with harmonized standards, and it involves preparing the technical file, performing or commissioning all necessary tests, and signing the Declaration of Conformity without involvement of a Notified Body. For most IoT devices, this is the common route.
  • Notified Body involvement: Required if harmonized standards are not fully applied, if the product uses novel technology without established standards, or if there are significant safety or radio risks. In such cases, an independent EU-accredited organization (Notified Body) must review the design, perform or oversee testing, and issue an opinion before the manufacturer can declare conformity.
    • Example: Smart Thermostat → Conformity route → Self-assessment possible since harmonized standards exist.
• Conduct the necessary tests
  Examples include:
  • EMC emissions and immunity.
  • Electrical safety (if applicable).
  • Radio spectrum and power tests.
  • SAR testing for wearables.
  • RoHS material analysis.
    • Example: Smart Thermostat → Wi-Fi spectrum efficiency, EMC emissions, electrical safety for mains power.
• Compile the technical documentation (Technical File)
  This includes product schematics, BOM, test reports, risk analysis, user manuals, and labelling.
  Example template: EU Technical File Guidance
• Write and sign the EU Declaration of Conformity (DoC)
  A formal document stating that the product meets all relevant requirements. It must be kept for at least 10 years.
  Example template: EU Declaration of Conformity Template (Europa.eu)
• Affix the CE mark
  Place it visibly and indelibly on the product, packaging, and manuals.
• Maintain compliance
  Reassess and re-test if your design changes or if regulations are updated.
  • Example: Smart Thermostat → If the Wi-Fi module is replaced, the device must be retested.

Pre-Compliance Testing

One of the most common pitfalls in IoT development is leaving compliance testing until the very end of the design process. This often leads to costly redesigns and delays. We recommend starting this process with the first prototypes.

Pre-compliance testing helps manufacturers detect potential EMC or safety issues early. By running scaled-down or partial tests before full formal compliance testing / conformity assessment, problems such as excessive emissions or susceptibility to interference can be fixed while still in the design phase.

At Byte Lab, we frequently perform pre-compliance evaluations for clients—both for devices we develop and for products designed elsewhere. Many companies come to us when their devices fail certification in external labs. Our team helps identify the issues, redesign hardware or PCB layouts, and prepare the product to pass formal approval testing. Pre-compliance saves money, reduces time-to-market, and lowers the risk of surprises in final testing.

Special Technology Means Specific Certifications

Beyond CE and regional marks, some technologies require or offer additional certifications:

• Bluetooth Qualification – Any product that uses Bluetooth and wants to display the official Bluetooth trademarks or logos must go through the Bluetooth SIG qualification program. This ensures interoperability, adherence to the Bluetooth specification, and the right to use the Bluetooth logo.
• Wi-Fi Certification – Managed by the Wi-Fi Alliance. While not legally mandatory, Wi-Fi CERTIFIED™ status demonstrates that your device meets interoperability and performance standards recognized worldwide.
• Sigfox Certification – Devices using the Sigfox LPWAN network must pass Sigfox Ready™ certification, which validates proper radio performance and compatibility with the Sigfox backend infrastructure.
• LoRa Alliance Certification – Required if you want to display the LoRaWAN® logo and ensure interoperability within LoRaWAN networks. It tests compliance with LoRaWAN protocol specifications.
• Zigbee Alliance Certification – Required for products using the Zigbee brand and logo, ensuring interoperability with other Zigbee-certified devices in the ecosystem.
• Matter Certification – Managed by the Connectivity Standards Alliance (CSA). Not legally mandatory, but required if you want to use the Matter logo and claim interoperability within the Matter smart home ecosystem. It validates that your device can work seamlessly with other Matter-certified products from different manufacturers.

These certifications complement CE and FCC requirements, giving your product both regulatory clearance and industry recognition. Byte Lab advises clients on when these additional certifications are beneficial or required, and we can help manage these processes in parallel with CE.

How Byte Lab Helps

At Byte Lab, we understand how complex and time-consuming certification can be. That’s why we support companies at every stage:

• Early design reviews to ensure compliance from the start.
• Pre-compliance testing to identify risks before final certification.
• Consulting for clients who designed their own products but struggle with certification—helping them recover from failed tests and reach compliance.
• Collaboration with accredited labs and Notified Bodies.
• Preparation of the complete technical file and Declaration of Conformity.
• Guidance on cybersecurity compliance for future-proof devices.

We do this regularly for IoT startups, industrial clients, and OEMs. Our experience means your product reaches the market faster, safer, and with full regulatory confidence.

DISCLAIMER:

The information provided in this article is for general informational and educational purposes only. It is not intended to be, and should not be construed as, legal advice. While we aim to provide accurate and up-to-date guidance, regulations may change and vary by jurisdiction. Before taking any actions based upon this content, we strongly encourage you to consult with appropriate legal or compliance professionals. Byte Lab does not provide legal advice, and any reliance you place on the information contained herein is strictly at your own risk.