CE and FCC Certification for IoT Devices: What Manufacturers Need to Know
CE and FCC certification path: pre-compliance testing — accredited lab — documentation — market authorisation
CE marking is mandatory for all IoT devices sold in the EU. FCC ID is mandatory for devices sold in the US. Getting certification wrong means product recalls, import bans, and legal liability. Plan for it from day one.
CE Marking for IoT: The RED Directive
The Radio Equipment Directive (RED, 2014/53/EU) covers all IoT devices with radio interfaces (WiFi, BLE, LoRa, cellular). It requires compliance with:
- Safety — EN 62368-1 (audio/video and IT equipment)
- EMC — EN 301 489-1 + EN 301 489-17 (for WiFi/BLE)
- Radio spectrum — EN 300 328 (2.4GHz WiFi/BLE), EN 301 893 (5GHz WiFi)
- Cybersecurity — EN 18031 mandatory from August 2025
FCC Part 15 for IoT
Option A: Use FCC-certified module (ESP32, nRF52840) -> Only FCC Class B verification for host device -> Faster: 4-8 weeks, lower cost Option B: Custom RF design (own antenna, custom module) -> Full FCC ID required -> Slower: 12-20 weeks, $15,000-40,000
Timeline Reality
Budget 3–6 months for CE + FCC on a typical WiFi/BLE product. Schedule pre-compliance at pilot production stage. Test house queues stretch to 8 weeks in busy periods — book early. At FSS, certification is built into the hardware development schedule from the brief stage. Our IoT team has guided 20+ products through CE and FCC. Talk to us.
EN 18031: The New Cybersecurity Requirement
From August 2025, EU RED Article 3.3 mandates cybersecurity requirements for all internet-connected radio equipment — effectively all WiFi and cellular IoT devices. The harmonised standard EN 18031 defines baseline cybersecurity requirements that products must demonstrate compliance with. Key requirements include: network traffic protection (TLS or equivalent), software update mechanisms with authentication, minimal attack surface (no unnecessary open ports or services), and secure default configuration.
Products that achieved CE marking before August 2025 must re-certify under EN 18031 before their next major hardware revision. New products submitted for RED certification from August 2025 onwards must include EN 18031 compliance documentation as part of their Technical File. This is not optional and is enforced at market surveillance — non-compliant products face market withdrawal and penalties.
Preparing Your Technical File
CE marking for IoT devices requires a comprehensive Technical File that documents compliance with all applicable directives and standards. The file must include: product description and intended use, schematic diagrams and PCB layout files, test reports from an accredited laboratory, risk assessment (essential requirements analysis), declaration of conformity, and user documentation in the language of each member state where the product is sold.
The Technical File does not need to be submitted to any authority proactively — it must be available to market surveillance authorities on request within a specified timeframe (typically 10 working days). Maintain your Technical File throughout the product lifetime and update it for any design changes that affect compliance.
FCC Supplier’s Declaration of Conformity (SDoC)
For many IoT products that use FCC-certified modules, a Supplier’s Declaration of Conformity (SDoC) is sufficient — no FCC filing required. SDoC applies to Class B intentional radiators (devices that use FCC-certified radio modules without modification). The responsible party (importer or US distributor) signs the SDoC, which must be maintained on file and available on request.
SDoC does not apply if you modify the antenna, add a power amplifier, or use the radio in a non-standard configuration relative to the module’s FCC certification. In those cases, a new FCC ID application is required. When in doubt, consult an FCC-accredited test laboratory — the cost of clarification is trivial compared to the cost of an FCC enforcement action for marketing a non-compliant product.
Building an IoT product?
FSS is a full-stack IoT engineering team — hardware, firmware, cloud, and mobile in one place.