Martin Walian
Martin Walian, MBA & Certified Export Control Manager (CECM)
How to CE Mark Your
Connected Device for the EU Market
CE marking is the mandatory conformity marking for products sold in the European Economic Area. For connected devices — IoT products, smart home devices, industrial sensors, wearables — the path to CE marking involves multiple EU directives and increasingly strict cybersecurity requirements. This guide walks you through the complete process.
Table of Contents
- What Is CE Marking?
- Which EU Directives Apply to Connected Devices?
- The CE Marking Process Step by Step
- Testing Requirements for Connected Devices
- Building the Technical File
- EU Authorised Representative Requirements
- The EU Declaration of Conformity
- Typical Timeline and Cost Considerations
- Frequently Asked Questions
We Prepare An Effective Strategy For Companies
CE marking (Conformité Européenne) is a legal declaration by the manufacturer that a product meets all applicable EU health, safety, and environmental requirements. It is not a quality mark — it is a regulatory requirement. Without CE marking, your product cannot legally be placed on the EU market.
For connected devices, CE marking typically involves compliance with multiple directives: the Radio Equipment Directive (RED), the Low Voltage Directive (LVD), the EMC Directive, and increasingly the cybersecurity requirements under RED delegated acts and the upcoming Cyber Resilience Act.
The manufacturer (or their EU Authorised Representative) is legally responsible for ensuring compliance and affixing the CE mark. Getting it wrong can result in product recalls, fines, and criminal liability.
2. Which EU Directives Apply to Connected Devices?
Connected devices typically fall under multiple EU directives simultaneously. Identifying which directives apply is the first critical step in the CE marking process:
Key directives for connected devices:
-
Radio Equipment Directive (RED) 2014/53/EU Applies to any product with intentional radio functionality — Wi-Fi, Bluetooth, Zigbee, LoRa, cellular, NFC. Covers radio spectrum usage, EMC, safety, and since 2025, cybersecurity (Articles 3.3d/e/f). This is the primary directive for most connected devices. -
Low Voltage Directive (LVD) 2014/35/EU Applies to electrical equipment operating between 50-1000V AC or 75-1500V DC. Covers electrical safety hazards. Many battery-powered IoT devices fall below this threshold, but mains-powered devices are covered.
-
EMC Directive 2014/30/EU Ensures devices do not cause electromagnetic interference and can function in their intended environment. Applies to virtually all electronic devices. For RED-scope products, EMC is covered under RED Article 3.1(b) instead.
-
RoHS Directive 2011/65/EU Restricts hazardous substances (lead, mercury, cadmium, etc.) in electrical and electronic equipment. Applies to virtually all electronic products. Requires material declarations and testing.
-
Machinery Directive / General Product Safety Additional directives may apply depending on your product type. Medical devices, toys, machinery, and outdoor equipment each have specific directives with their own requirements that layer on top of the above.
3. The CE Marking Process Step by Step
CE marking for a connected device follows a structured process. While the specifics vary by product and applicable directives, the general framework is consistent. Each step builds on the previous one — shortcuts here create problems downstream.
The process involves: identifying applicable directives and standards, designing for compliance, testing with accredited laboratories, building the technical file, issuing the Declaration of Conformity, affixing the CE mark, and appointing an EU Authorised Representative if you are based outside the EU.
We Prepare An Effective
Strategy For Companies
Testing is the cornerstone of CE marking. Connected devices require multiple types of testing across different directives. Here is what you need to plan for:
Measures radio transmitter power, frequency accuracy, spurious emissions, and receiver sensitivity against the harmonised standards for your radio technology (e.g. EN 300 328 for 2.4 GHz Wi-Fi/Bluetooth, EN 301 893 for 5 GHz Wi-Fi, EN 300 220 for sub-GHz). Testing must be performed by a lab accredited for the relevant standard.
Verifies that your device does not emit excessive electromagnetic interference (emissions testing) and can operate correctly in the presence of external electromagnetic disturbances (immunity testing). Common standards include EN 55032 for emissions and EN 55035 for immunity. Both radiated and conducted measurements are required.
Covers electrical safety hazards including electric shock, fire, mechanical injury, and thermal burns. For mains-powered devices, testing follows EN 62368-1 (audio/video and IT equipment) or the applicable product-specific safety standard. Battery-powered devices require battery safety assessment under IEC 62133.
Since August 2025, connected devices under RED must meet cybersecurity requirements per Articles 3.3(d), (e), and (f). Assessment is performed against EN 18031 series standards covering network protection, privacy safeguards, and fraud prevention. If no harmonised standard is available for your product category, Notified Body involvement may be required.
Note: Test reports from accredited labs carry more weight with market surveillance authorities. While self-testing is permitted for some requirements, using accredited labs reduces your risk significantly.
We Prepare An Effective
Strategy For Companies
The technical file is the complete documentation package that proves your product's compliance. It must be compiled before the CE mark is affixed and maintained for 10 years. Common issues that cause problems:
A complete technical file includes: a general product description and intended use, design drawings and circuit schematics, a list of applicable directives and harmonised standards, test reports from accredited laboratories covering RF, EMC, safety, and cybersecurity, a risk assessment, the EU Declaration of Conformity, user manual and installation instructions, and labelling details including CE mark placement.
The most frequent issues include incomplete test reports that do not cover all applicable standards, missing or outdated risk assessments, referencing withdrawn or superseded harmonised standards, Declaration of Conformity errors such as wrong directive references or missing signatures, and failing to update the technical file after hardware or firmware revisions that affect compliance.
The technical file must be kept for 10 years after the last unit of the product is placed on the EU market. Both the manufacturer and the EU Authorised Representative are required to make it available to market surveillance authorities upon request within a reasonable timeframe. Failure to produce the file when requested can result in enforcement action regardless of whether the product itself is compliant.
Need Help with CE Marking?
We guide you through the entire CE marking process for connected devices.
Get Started — Apply Now
6. EU Authorised Representative Requirements
If your company is based outside the EU, you are required to appoint an EU Authorised Representative for products falling under certain regulations, including GPSR and RED. This representative serves as your legal point of contact within the EU.
Key responsibilities of the EU Authorised Representative:
-
Legal point of contact for market surveillance The representative must be named on the product or packaging and must respond to requests from market surveillance authorities. They hold a copy of the Declaration of Conformity and can make the technical file available upon request.
-
Registered legal entity in an EU member state The representative must be an actual legal entity established in the EU — not just a PO box. Under GPSR, their name and address must appear on the product.
-
GPSR and product safety obligations Under the General Product Safety Regulation (GPSR), the EU Authorised Representative has expanded obligations including incident reporting, product recall coordination, and maintaining communication channels for consumer complaints.
-
Ongoing compliance monitoring A good representative does more than hold paperwork. They monitor regulatory changes, alert you to new requirements, and help manage the compliance lifecycle as your product evolves through firmware and hardware revisions.
7. The EU Declaration of Conformity
The EU Declaration of Conformity (DoC) is the formal legal document where the manufacturer declares that the product meets all applicable EU requirements. It must be signed by an authorized person within the manufacturing company.
The DoC must reference all applicable directives, list the harmonized standards used, include the product identification (model number, type), identify the manufacturer and their EU representative, and be dated and signed. A separate DoC is required for each applicable directive, though they can be combined into a single document. The DoC must accompany the product or be available upon request.
8. Typical Timeline and Cost Considerations
CE marking for a connected device is not an overnight process. Planning and budgeting realistically is essential:
-
Pre-compliance review: 1-2 weeks Initial assessment of applicable directives, identification of relevant harmonized standards, and gap analysis against current product design. This step can save significant time and money by catching issues before testing.
-
Design modifications: 2-8 weeks If the pre-compliance review identifies gaps, you may need hardware or firmware changes. Common modifications include adding shielding for EMC, implementing secure boot for cybersecurity, or redesigning power supplies for safety.
-
Laboratory testing: 4-8 weeks RF, EMC, safety, and cybersecurity testing at accredited labs. Testing timelines depend on lab availability and the number of test failures requiring retesting. Book lab time early — good labs have waiting lists.
-
Documentation and DoC: 1-2 weeks Compiling the technical file, writing the Declaration of Conformity, preparing user manuals, and finalizing labeling. This step is often underestimated but is critical for compliance.
-
Total typical timeline: 3-6 months From initial review to CE mark affixing, expect 3-6 months for a connected device. Complex products or those needing significant design changes may take longer. Budget accordingly and start early in your product development cycle.
9. Frequently Asked Questions
-
Can I CE mark my product myself or do I need a third party? For most connected devices under RED, you can self-declare conformity using the internal production control procedure (Module A). However, you still need test reports from accredited labs. Notified body involvement is required only for specific product categories or when you cannot use harmonized standards.
-
What is the difference between CE and UKCA marking? CE marking is for the EU/EEA market. UKCA (UK Conformity Assessed) marking is the UK equivalent, required since the UK left the EU. The requirements are similar but separate. Many products need both marks to sell in both markets. The UK currently recognizes CE marking for most products through transitional arrangements, but this will eventually end.
-
What happens if my product fails testing? You modify the product to address the failure, then retest. Common failures include EMC emissions exceeding limits (often fixed with shielding or filtering), RF power output issues, and safety concerns with battery charging circuits. Budget time and cost for at least one round of retesting.
-
Do I need to re-certify when I update firmware? It depends on the nature of the update. Security patches that don't change radio parameters or safety-critical functions typically don't require retesting. Changes that affect RF performance, power output, or fundamental security architecture may require partial or full retesting. Document your change impact assessment.
-
How do I handle multiple product variants? If variants share the same core hardware, radio module, and safety-critical components, you may be able to test the worst-case configuration and apply results across the product family. Document the technical justification for why the tested configuration represents the worst case.
-
What are the penalties for non-compliance? Penalties vary by member state but can include product recall and withdrawal from the market, fines up to millions of euros, criminal prosecution of responsible persons, customs seizure at EU borders, and reputational damage. Market surveillance authorities are increasingly active, especially for connected devices.
Ready to Get Compliant?
Get your CE marking sorted and launch your connected device in the EU market.
Related Articles
