Background AESTechno Expert Electronique

CE/RED certification for IoT products: timelines, costs and pitfalls

CE marking and RED directive for connected objects: process, timelines, costs and common mistakes. Complete guide by AESTECHNO, design house in Montpellier.

Your IoT product is ready to be sold in Europe, but without CE marking and RED certification it cannot legally be placed on the market. For any device with a radio function (Wi-Fi, Bluetooth, LoRa, NB-IoT, Zigbee), the Radio Equipment Directive (RED) 2014/53/EU applies, and the requirements go well beyond a single lab test.

At AESTECHNO, we support our customers from design to certification, with a 100% pass rate on CE/FCC tests. That track record isn’t luck: it comes from integrating regulatory constraints from the earliest design phases. In this guide, we detail the CE/RED certification process, realistic timelines, the costs to plan for, and, above all, the mistakes that derail projects.

Key takeaways

  • The Radio Equipment Directive (RED) 2014/53/EU applies to every radio-enabled IoT product sold in the EU: Wi-Fi, Bluetooth, LoRa, NB-IoT, Zigbee, Thread, UWB, NFC.
  • Three essential requirements must be met: safety (Art. 3.1a), EMC (Art. 3.1b) and efficient spectrum use (Art. 3.2), tested against ETSI EN 300 328, EN 301 489 and EN 55032/35.
  • Since 1 August 2025, Article 3.3 adds binding cybersecurity requirements (authentication, signed updates, credential protection) per ETSI EN 303 645.
  • Realistic timelines: 4 to 6 weeks (pre-certified module, clean design) up to 3 to 6 months (custom RF, initial failure). Designing for EMC from the schematic phase is what collapses that range.

[aestechno_cta]

What is CE marking and the RED directive?

CE marking (Conformité Européenne) is a manufacturer’s declaration that a product meets the essential requirements of the applicable European directives. For radio equipment, the Radio Equipment Directive (RED) 2014/53/EU defines those requirements: electrical safety, electromagnetic compatibility (EMC), and efficient use of the radio spectrum. According to the European Commission’s CE marking guidance, the manufacturer carries full legal responsibility for conformity once the marking is affixed. As noted by the European Commission in the Blue Guide on the implementation of product rules, CE marking is a legal statement, not a quality certification.

The RED directive applies to any device that intentionally transmits or receives radio waves for communication or radiolocation. This includes:

  • Short-range connectivity: Bluetooth, Wi-Fi, Zigbee, Thread, Matter
  • Long-range connectivity: LoRaWAN, NB-IoT, LTE-M, Sigfox
  • RFID/NFC: readers and active tags
  • GNSS: GPS, Galileo receivers (depending on configuration)
  • Other: radar, UWB, RF remote controls

If your product has no radio function, other directives apply (EMC 2014/30/EU, Low Voltage 2014/35/EU), but the process is generally simpler.

The three essential RED directive requirements

RED essential requirements are three categories of mandatory criteria radio equipment must satisfy before being placed on the European market. Conformity is demonstrated through harmonised test standards published by ETSI and IEC/CISPR, run either in an accredited laboratory or under self-declaration depending on the case.

Article 3.1(a): Safety and health

The equipment must not present a health or safety risk to users. According to Directive 2014/53/EU aligned with IEC 62368-1 and IEC 62311, this covers:

  • Electrical safety (insulation, shock protection)
  • Thermal risk (heating, flammability)
  • Electromagnetic field exposure: Specific Absorption Rate (SAR) for body-worn devices
  • Mechanical safety according to intended use

Article 3.1(b): Electromagnetic compatibility

The equipment must operate without disturbing other devices, and must withstand ambient interference. Per ETSI EN 301 489 and the CISPR 32 / CISPR 35 families, EMC tests evaluate:

  • Conducted emissions: disturbances injected into the power network
  • Radiated emissions: electromagnetic disturbances emitted into the air
  • Immunity: resistance to Electrostatic Discharge (ESD), transients, RF fields

Article 3.2: Efficient use of the spectrum

The radio transmitter must use the spectrum efficiently to avoid harmful interference. According to ETSI EN 300 328 for the 2.4 GHz ISM band, the tests check:

  • Transmit power within authorised limits (20 dBm EIRP for 2.4 GHz)
  • Spectral occupancy (bandwidth, out-of-band emissions)
  • Adaptivity or Listen-Before-Talk (LBT) behaviour for certain bands

The certification process step by step

The CE/RED certification process is a structured sequence of six steps, from identifying applicable directives to applying the CE mark after a successful Declaration of Conformity. According to the European Commission’s Blue Guide on the implementation of EU product rules, each step must be documented in the technical file, which remains the manufacturer’s property and must be retained for 10 years after the last unit is placed on the market. As cited by Annex V of Directive 2014/53/EU, the file must be available to market surveillance authorities on request.

Step 1: Identify applicable directives and standards

Before any testing, identify precisely the directives and harmonised standards that apply to your product. For a typical connected object:

  • RED 2014/53/EU: mandatory for any radio equipment
  • RoHS 2011/65/EU: restriction of hazardous substances
  • WEEE 2012/19/EU: management of electronic waste
  • Machinery or toys regulation: depending on application
  • Cyber Resilience Act: new cybersecurity requirements (gradual entry into force 2025-2027)

For harmonised standards, consult the EU Official Journal or use the European Commission database.

Step 2: Compliant design from the start

Compliance isn’t won at the end of a project, it is built in from the design phase. Architecture, component and PCB routing decisions largely determine the test outcome.

Best design practices for certification:

  • Use pre-certified radio modules whenever possible (significant test reduction)
  • Strictly follow the module manufacturer’s integration guidelines
  • Provide a continuous ground plane under RF zones
  • Separate digital and analog power rails
  • Plan for EMC filtering provisions (footprints for ferrites, capacitors)
  • Anticipate immunity tests (decoupling, ESD protection)

For a deeper dive on these aspects, see our article on RF PCB design.

Step 3: In-house or laboratory pre-testing

Before official testing, run pre-tests to identify and fix problems. This step is often skipped, but it prevents costly failures at the accredited lab.

Pre-test options:

  • In-house equipment: spectrum analyser, near-field probe, oscilloscope
  • Non-accredited lab: indicative tests at lower cost
  • Anechoic chamber rental: for experienced teams

At AESTECHNO, we systematically run EMC and RF pre-tests before sending a product to an accredited laboratory. In our lab, we combine ANSYS HFSS antenna simulation, near-field probe sweeps and a TEM cell for emission pre-scans, which lets us tell before fabrication whether the product will pass certification. On a recent project, we observed that a 3 dB S11 anomaly on a 2.4 GHz chip antenna, flagged at the simulation stage, would have cost roughly one full EN 300 328 re-test campaign at the lab. From our experience, this pre-manufacturing simulation predicts EMC and RF behaviour with enough accuracy to commit to production without waiting for the lab verdict.

Our signature: PCBs designed to industry best practice, EMC-pre-compliant

According to the Institute for Printed Circuits standards (IPC-2221, IPC-6012), a PCB ready for certified production must meet stackup, clearance and via-registration targets from the first iteration. At AESTECHNO, we design industrial PCBs that are EMC-pre-compliant from the first iteration, IPC-aligned and ready for high-volume production. Our portfolio covers stackups up to 28 layers, HDI technologies (laser µVias, buried vias), and special formats (flex, rigid-flex, integrated PCB antennas). Concrete result: a 100% pass rate on CE/FCC tests, because the design IS already engineered for certified production.

Step 4: Accredited laboratory testing

Official tests must be performed by an accredited laboratory (typically ISO 17025, COFRAC in France). In France, the Agence Nationale des Fréquences (ANFR) publishes the list of notified bodies for radio equipment. The lab issues a test report that serves as the basis for the EU Declaration of Conformity.

Typical tests for an IoT product with Bluetooth/Wi-Fi:

Test type Common standards Typical duration
Electrical safety EN 62368-1 1-2 days
EMC emissions EN 55032 1-2 days
EMC immunity EN 55035 2-3 days
Bluetooth/Wi-Fi radio EN 300 328, EN 301 489 2-3 days
LoRa/Sigfox radio EN 300 220 1-2 days

Step 5: Building the technical file

The technical file is the reference documentation package that proves conformity. According to Annex V of Directive 2014/53/EU, the file must contain:

  • General description of the product and how it works
  • Schematics and design drawings
  • List of standards applied
  • Lab test reports
  • User manual and safety instructions
  • Risk analysis (where applicable)
  • Declarations of conformity for critical components

This file isn’t sent to authorities, but must be available for inspection on request for 10 years.

Step 6: EU Declaration of Conformity and CE marking

Once tests have passed and the file is built, the manufacturer (or their European authorised representative) drafts the EU Declaration of Conformity. This document legally binds the declarant on the product’s compliance.

The declaration must include:

  • Product identification (name, model, serial number)
  • Manufacturer name and address
  • Directives and standards applied
  • Date and place of declaration
  • Signature of the responsible party

The CE marking can then be applied to the product, its packaging and its documentation.

Realistic certification timelines

Certification duration is the total calendar time from the first test booking to the signed Declaration of Conformity, and it depends on product complexity, initial design quality, and laboratory availability. In our experience supporting IoT projects, realistic ranges fall into three archetypes:

Scenario Typical timeline
Best case: pre-certified module, careful design, no modifications 4-6 weeks
Standard case: typical IoT product, minor adjustments 8-12 weeks
Complex case: custom RF, initial failure, design modifications 3-6 months

These timelines include pre-tests, official tests, possible corrections, and file build. Add 2-4 weeks to the schedule for lab booking slots, which are often busy.

Factors influencing certification cost

Certification costs are the sum of lab fees, sample production, technical file preparation and iteration cost on failures. They vary significantly with product type, applicable directives, and the number of iterations required. From our experience, the number of radio technologies on board and the quality of the EMC design at schematic review are the two dominant drivers:

Main cost categories

  • EMC tests (emissions + immunity): depends on product complexity and number of operating modes
  • Radio tests: vary by technology (Bluetooth, Wi-Fi, LoRa each have different requirements)
  • Electrical safety tests: depend on supply voltage and product type
  • SAR tests: required only for body-worn devices

Other costs to plan for

  • Test samples: 3-5 units typically requested by the lab
  • Pre-tests: a strongly recommended investment to avoid costly failures
  • Modifications on failure: variable, depending on the scope of corrections
  • Technical file build: often included in design house support

Budget-driving factors

  • Multiple technologies: a product with both Bluetooth AND Wi-Fi costs more than a single-technology product
  • International certification: each market (USA, Canada, Japan) adds extra tests
  • Failures and iterations: every additional lab pass increases the budget
  • Unprepared product: a poorly EMC-optimised design will need more corrections

For worldwide commercialisation, plan a budget significantly higher than for CE/RED Europe alone.

[aestechno_trust_box]

Article written by Hugues Orgitello, electronic design engineer and founder of AESTECHNO. LinkedIn profile.

The mistakes that fail certifications

Certification failures are recurring design or process mistakes that force a re-test campaign, adding time and cost to the project. After years of supporting IoT projects, we have identified the same patterns repeatedly, across Bluetooth, LoRa and Wi-Fi designs alike. On our test benches, these patterns account for the majority of first-pass failures.

Mistake 1: Design first, think about certification later

The most common and most costly mistake. A product designed without regard for EMC and RF requirements will very likely have problems at test. Fixing things after the fact may require a complete PCB redesign.

Solution: integrate regulatory constraints from the specification and architecture review onward.

Mistake 2: Underestimating radio module integration

Using a pre-certified module doesn’t guarantee the final product will be compliant. The antenna, ground plane, routing and electromagnetic environment of the host product strongly influence radio and EMC performance.

Solution: follow the manufacturer’s integration guidelines scrupulously and validate by measurement.

Mistake 3: Neglecting EMC immunity

Immunity tests (ESD, transients, RF fields) are often neglected at design time. As noted by the International Electrotechnical Commission in the CISPR 35 and IEC 61000-4 series, immunity levels apply to every external interface, and a product that emits little but crashes at the slightest disturbance will still fail.

Solution: plan ESD protection on every external interface, decouple supply rails properly. For products with a USB-C Power Delivery port, ESD immunity is particularly critical, our guide on USB-C Power Delivery for industrial products details the specific protection requirements for that interface.

Mistake 4: Insufficient documentation

A compliant product with an incomplete or poorly structured technical file can cause problems during a market surveillance check. CE marking commits the manufacturer’s liability.

Solution: build the technical file as the project progresses, not in a panic before market launch.

Mistake 5: Ignoring regulatory evolution

The regulations evolve. The Cyber Resilience Act (CRA), for example, will impose new cybersecurity requirements on connected products from 2025-2027, with a Software Bill of Materials (SBOM) mandate and Coordinated Vulnerability Disclosure (CVD) duties that interact with RED Article 3.3. According to European guidance from the Union Agency for Cybersecurity (ENISA), the CRA also aligns with the NIS2 directive on incident reporting for critical suppliers, and CVE tracking is expected via CycloneDX or SPDX SBOM formats. A product designed today must anticipate these changes.

Solution: stay informed and design with margin for evolution. In our practice, we run an early CRA gap analysis in parallel with the RED technical file to catch overlaps before they become rework.

Pre-certified modules: benefits and limits

Pre-certified radio modules are integrated RF assemblies (ESP32, nRF52, LoRa SiP) that come with their own CE/FCC certifications, typically covering ETSI EN 300 328 and EN 301 489. They are an attractive option to accelerate certification, because the radio block is treated as already compliant and the host product inherits most of that compliance.

Benefits

  • Simplified radio tests (often just a conformity check)
  • Lower certification cost and timeline
  • RF design already optimised by the manufacturer
  • Documentation and support available

Limits

  • The module’s certification doesn’t cover the complete product
  • Any modification (custom antenna, radio firmware) can invalidate the certification
  • EMC tests on the final product are still required
  • Higher unit cost than a discrete solution

For a standard IoT product, pre-certified modules are usually the best cost/timeline/risk trade-off.

Real cases from our RED pre-scans

The weeks saved in certification almost always come from the pre-lab phase. On a recent project, we measured a 2×f harmonic peak 12 dB above the EN 55032 Class B limit before any shielding, caught during an in-house near-field sweep. Three archetypes we regularly encounter in pre-scans, illustrating the gap between “works on the bench” and “passes in the anechoic chamber”:

  • Case 1: antenna resonance at –3 dB caught before the lab. During an ANSYS HFSS simulation, the reflection coefficient (S11) revealed a parasitic resonance tied to a ground plane shortened by a connector. Contrary to the belief that a pre-certified radio module guarantees the final product, mechanical integration can shift the useful band outside EN 300 328. We recommend a simulation–near-field measurement loop before the first lab visit.
  • Case 2: 2×f harmonic emission caught with a near-field probe. During an in-house EMC pre-scan with near-field probes and a TEM cell, an SPI clock harmonic dominated at 150 MHz. Counterintuitively, the fix wasn’t adding shielding, it was re-routing the SPI bus with a continuous GND reference. We recommend radiated emission pre-scans on the first functional boards.
  • Case 3: Article 3.3 cybersecurity compliance ignored until file compilation. Since August 2025, RED imposes technical requirements (authentication, signed updates, credential management) that affect firmware. We recommend running a cybersecurity review in parallel with development, not after.

Standards, tools and technical signature in certification

The applicable IoT/RED reference framework hangs on the RED directive 2014/53/EU, the EN 300 328 (2.4 GHz), EN 301 489 (radio EMC), EN 55032/35 (generic EMC) standards, IEC 62311 (human RF exposure) and ETSI EN 303 645 (consumer IoT cybersecurity). On the tools side: ANSYS HFSS with AI-assisted antenna optimisation, near-field probes, a TEM cell for emission pre-scans, and a spectrum analyser up to 10 GHz.

Contrary to the belief that RED is an administrative formality, Article 3.3 (cybersecurity) compliance, in force since August 2025, imposes binding technical requirements on the firmware itself. At AESTECHNO, our signature is EMC-pre-compliant design from the schematic phase: layout, stackup, filtering, shielding and firmware are treated as certification constraints from the schematic, not patched in post-processing once the lab has already invoiced an unsuccessful first campaign.

International certification: beyond Europe

International certification is the set of market-specific approvals a connected product needs to be sold outside the European Economic Area (EEA), where CE marking alone is not recognised. For other markets, additional certifications are required, each governed by its own regulator and its own technical specifications:

Market Certification Specifics
United States FCC Part 15 Different emission limits, similar process
Canada ISED (formerly IC) Often paired with FCC
Japan MIC/TELEC Specific requirements, different frequency bands
Australia RCM Recognises some CE/FCC tests
China SRRC + CCC Specific process, tests in Chinese labs

Tip: if you are targeting multiple markets, plan certifications in parallel and reuse tests where standards are compatible. According to French radio regulator guidance published by ANFR, the ISO 17025 test reports issued under CE can significantly shorten the FCC Part 15 campaign in a coordinated lab booking. As noted by Annex III of the RED directive, mutual recognition between CE and other markets is partial at best.

Bottom line: the CE/RED playbook in 2026

The CE/RED playbook is the set of design, simulation and documentation choices that determine whether certification passes on the first attempt. In our experience, the gap between a first-pass CE certification and a six-month ordeal is set on day one, at the schematic review. According to ETSI EN 300 328, EN 301 489 and the CISPR 32/35 limits, only an EMC-aware design survives testing without a PCB respin. Key decision points we apply on every IoT project:

  • Pre-certified vs. custom radio: unlike a custom RF design, a pre-certified module (nRF52, ESP32, LoRa SiP) typically cuts 30 to 50% off the radio test matrix, at the cost of a slightly higher BOM.
  • Simulation before fabrication: we measured on a recent project that an HFSS antenna sweep flagged a 3 dB S11 anomaly that would have cost one full EN 300 328 re-test at the lab.
  • Article 3.3 cybersecurity: since August 2025, firmware now has to satisfy ETSI EN 303 645 (consumer IoT) or dedicated industrial equivalents, in parallel with the Cyber Resilience Act (CRA) schedule.
  • Technical file from day one: build it as you design, not in a panic before market launch. The file is retained for 10 years after the last unit is placed on the market.

FAQ: Common questions on CE/RED certification

Can I sell an IoT product in Europe without CE marking?

No. CE marking is mandatory for any electrical or electronic equipment placed on the European market. Selling without CE marking exposes you to sanctions (market withdrawal, fines) and engages the manufacturer’s civil and criminal liability if there is an accident.

Who is responsible for CE marking: the manufacturer or the designer?

The manufacturer placing the product on the European market is responsible for CE marking. If you have a design house design a product, you (as manufacturer/importer) sign the declaration of conformity. The design house provides you with the compliant design and the technical documentation.

What’s the difference between certification and self-declaration?

For most IoT products, the procedure is self-declaration: the manufacturer declares conformity themselves, on the basis of tests carried out in a laboratory. Some products (medical equipment, certain high-power transmitters) require the involvement of a notified body for formal certification.

Are CE tests valid for FCC certification?

Tests are not directly transferable, because standards and limits differ. However, a product designed to pass CE tests will often pass FCC tests with little or no modification. Labs can optimise their test campaigns to cover both certifications.

What happens if my product fails the tests?

The lab issues a report identifying the non-conformities. You then have to modify the product (hardware and/or firmware) and re-run the failed tests. This is why pre-tests are essential: they allow you to spot problems at lower cost.

How long does the certification remain valid?

CE certification has no expiry date as long as the product isn’t modified and the applicable standards don’t significantly evolve. Any substantial modification (new radio component, firmware change affecting emissions) may require re-evaluation.