Martin Walian
Martin Walian, MBA & Certified Export Control Manager (CECM)
How to CE Mark Your
Connected Device for the EU Market
CE marking is the mandatory conformity marking for products sold in the European Economic Area. For connected devices — IoT products, smart home devices, industrial sensors, wearables — the path to CE marking involves multiple EU directives and increasingly strict cybersecurity requirements. This guide walks you through the complete process.
We Prepare An Effective Strategy For Companies
CE marking (Conformité Européenne) is a legal declaration by the manufacturer that a product meets all applicable EU health, safety, and environmental requirements. It is not a quality mark — it is a regulatory requirement. Without CE marking, your product cannot legally be placed on the EU market.
For connected devices, CE marking typically involves compliance with multiple directives: the Radio Equipment Directive (RED), the Low Voltage Directive (LVD), the EMC Directive, and increasingly the cybersecurity requirements under RED delegated acts and the upcoming Cyber Resilience Act.
The manufacturer (or their EU Authorised Representative) is legally responsible for ensuring compliance and affixing the CE mark. Getting it wrong can result in product recalls, fines, and criminal liability.
2. Which EU Directives Apply to Connected Devices?
Connected devices typically fall under multiple EU directives simultaneously. Identifying which directives apply is the first critical step in the CE marking process:
Key directives for connected devices:
-
Radio Equipment Directive (RED) 2014/53/EU Applies to any product with intentional radio functionality — Wi-Fi, Bluetooth, Zigbee, LoRa, cellular, NFC. Covers radio spectrum usage, EMC, safety, and since 2025, cybersecurity (Articles 3.3d/e/f). This is the primary directive for most connected devices. -
Low Voltage Directive (LVD) 2014/35/EU Applies to electrical equipment operating between 50-1000V AC or 75-1500V DC. Covers electrical safety hazards. Many battery-powered IoT devices fall below this threshold, but mains-powered devices are covered.
-
EMC Directive 2014/30/EU Ensures devices do not cause electromagnetic interference and can function in their intended environment. Applies to virtually all electronic devices. For RED-scope products, EMC is covered under RED Article 3.1(b) instead.
-
RoHS Directive 2011/65/EU Restricts hazardous substances (lead, mercury, cadmium, etc.) in electrical and electronic equipment. Applies to virtually all electronic products. Requires material declarations and testing.
-
Machinery Directive / General Product Safety Additional directives may apply depending on your product type. Medical devices, toys, machinery, and outdoor equipment each have specific directives with their own requirements that layer on top of the above.
3. The CE Marking Process Step by Step
CE marking for a connected device follows a structured process. While the specifics vary by product and applicable directives, the general framework is consistent. Each step builds on the previous one — shortcuts here create problems downstream.
The process involves: identifying applicable directives and standards, designing for compliance, testing with accredited laboratories, building the technical file, issuing the Declaration of Conformity, affixing the CE mark, and appointing an EU Authorised Representative if you are based outside the EU.
4. Which Products Are Affected?
Testing is the cornerstone of CE marking. Connected devices require multiple types of testing across different directives. Here is what you need to plan for:
selling directly on Amazon EU marketplaces. You likely already have CE marking and a technical file from your manufacturing process. GPSR now additionally requires a named representative on your listing.
Since Brexit, the UK is a non-EU country. If you previously sold into the EU without a separate representative, that arrangement is no longer compliant. You need a dedicated EU Authorised Representative.
If you’re expanding from domestic sales to European Amazon marketplaces, retailers, or your own EU-facing Shopify store, you need a named representative before your first EU sale.
If your product falls under the Radio Equipment Directive, you likely already have an EAR through your CE marking process. However, the new RED cybersecurity requirements (EN 18031) may require updated documentation and Notified Body involvement.
Note: Test reports from accredited labs carry more weight with market surveillance authorities. While self-testing is permitted for some requirements, using accredited labs reduces your risk significantly.
5. What Happens If You Don't Comply?
The technical file is the complete documentation package that proves your product's compliance. It must be compiled before the CE mark is affixed and maintained for 10 years. Common issues that cause problems:
Amazon has been enforcing GPSR compliance across all EU marketplaces since December 2024. Sellers without a named representative in their listing are being delisted. eBay, Etsy, and other platforms are following.
Distributors, retailers, and fulfilment partners in the EU may refuse to work with you without a compliant representative in place.
EU market surveillance authorities can order product recalls, impose market bans, or issue fines.
6. EU Authorised Representative Requirements
If your company is based outside the EU, you are required to appoint an EU Authorised Representative for products falling under certain regulations, including GPSR and RED. This representative serves as your legal point of contact within the EU.
Key responsibilities of the EU Authorised Representative:
-
Legal point of contact for market surveillance The representative must be named on the product or packaging and must respond to requests from market surveillance authorities. They hold a copy of the Declaration of Conformity and can make the technical file available upon request.
-
Registered legal entity in an EU member state The representative must be an actual legal entity established in the EU — not just a PO box. Under GPSR, their name and address must appear on the product.
-
GPSR and product safety obligations Under the General Product Safety Regulation (GPSR), the EU Authorised Representative has expanded obligations including incident reporting, product recall coordination, and maintaining communication channels for consumer complaints.
-
Ongoing compliance monitoring A good representative does more than hold paperwork. They monitor regulatory changes, alert you to new requirements, and help manage the compliance lifecycle as your product evolves through firmware and hardware revisions.
7. The EU Declaration of Conformity
The EU Declaration of Conformity (DoC) is the formal legal document where the manufacturer declares that the product meets all applicable EU requirements. It must be signed by an authorized person within the manufacturing company.
The DoC must reference all applicable directives, list the harmonized standards used, include the product identification (model number, type), identify the manufacturer and their EU representative, and be dated and signed. A separate DoC is required for each applicable directive, though they can be combined into a single document. The DoC must accompany the product or be available upon request.
8. Typical Timeline and Cost Considerations
CE marking for a connected device is not an overnight process. Planning and budgeting realistically is essential:
-
Pre-compliance review: 1-2 weeks Initial assessment of applicable directives, identification of relevant harmonized standards, and gap analysis against current product design. This step can save significant time and money by catching issues before testing.
-
Design modifications: 2-8 weeks If the pre-compliance review identifies gaps, you may need hardware or firmware changes. Common modifications include adding shielding for EMC, implementing secure boot for cybersecurity, or redesigning power supplies for safety.
-
Laboratory testing: 4-8 weeks RF, EMC, safety, and cybersecurity testing at accredited labs. Testing timelines depend on lab availability and the number of test failures requiring retesting. Book lab time early — good labs have waiting lists.
-
Documentation and DoC: 1-2 weeks Compiling the technical file, writing the Declaration of Conformity, preparing user manuals, and finalizing labeling. This step is often underestimated but is critical for compliance.
-
Total typical timeline: 3-6 months From initial review to CE mark affixing, expect 3-6 months for a connected device. Complex products or those needing significant design changes may take longer. Budget accordingly and start early in your product development cycle.
9. Frequently Asked Questions
-
Can I CE mark my product myself or do I need a third party? For most connected devices under RED, you can self-declare conformity using the internal production control procedure (Module A). However, you still need test reports from accredited labs. Notified body involvement is required only for specific product categories or when you cannot use harmonized standards.
-
What is the difference between CE and UKCA marking? CE marking is for the EU/EEA market. UKCA (UK Conformity Assessed) marking is the UK equivalent, required since the UK left the EU. The requirements are similar but separate. Many products need both marks to sell in both markets. The UK currently recognizes CE marking for most products through transitional arrangements, but this will eventually end.
-
What happens if my product fails testing? You modify the product to address the failure, then retest. Common failures include EMC emissions exceeding limits (often fixed with shielding or filtering), RF power output issues, and safety concerns with battery charging circuits. Budget time and cost for at least one round of retesting.
-
Do I need to re-certify when I update firmware? It depends on the nature of the update. Security patches that don't change radio parameters or safety-critical functions typically don't require retesting. Changes that affect RF performance, power output, or fundamental security architecture may require partial or full retesting. Document your change impact assessment.
-
How do I handle multiple product variants? If variants share the same core hardware, radio module, and safety-critical components, you may be able to test the worst-case configuration and apply results across the product family. Document the technical justification for why the tested configuration represents the worst case.
-
What are the penalties for non-compliance? Penalties vary by member state but can include product recall and withdrawal from the market, fines up to millions of euros, criminal prosecution of responsible persons, customs seizure at EU borders, and reputational damage. Market surveillance authorities are increasingly active, especially for connected devices.