Skip to content


IoT Product Compliance Guide, Part 1: Why Compliance Matters

Improper procedure when it comes to getting your IoT products certified by the correct regulators can have serious impacts on time to market, as well as enormous legal and financial ramifications.

The most challenging thing I’ve encountered while researching compliance standards over the years is the lack of resources out there to help someone without a law degree understand what they need to do to get their products certified. With so much on the line, I wanted someone to explain to me in plain language exactly what matters and what doesn’t.

To that end, I’ve compiled this high-level overview of the regulations you need to know about as an electrical engineer and as a business leader to ensure your hardware meets the right standards. Note that throughout this guide, we’ll be focusing primarily on standards in the United States and Canada, with some mention of the regulations in Europe.

**The information provided in this blog post does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Readers of this blog post should contact their attorney to obtain advice with respect to any particular legal matter.  

Why Product Certification Matters for IoT

The FCC rules (specifically 47 CFR 2.803) state that prior to being marketed and sold in the US, any device that emits RF energy must be, “properly authorized, labeled, and furnished with the proper user information disclosures. Failure to comply may subject the violator to substantial monetary penalties that could total more than $150,000 per violation.” Not to mention the additional delay to schedule and the expense associated with pulling products and rushing them through certification. Let’s go through a quick hypothetical product launch to explore what this might look like:

Let’s say your company has done all the market research, completed the entire product design lifecycle, gone through the painstaking process of getting through production, and you have your first models out in the field.

As you are planning out your next production run, you get a call from an electrical inspector asking for the results from your compliance tests, and why the appropriate markings are not displayed on the product. It turns out, a competitor actually reported your product as unsafe, because their version of the product has not launched. If you have considered and performed compliance testing, the path out of this jam is much more straightforward. However, if you have not considered compliance then you now have to halt production of that product until you have gone through the appropriate testing and filed any associated paperwork.

With this product serving as one of your key revenue streams, you can’t afford to halt production, so you do whatever you can to get your compliance testing completed as quickly as possible. Typically, this means shelling out a lot more cash than you budgeted for, only to realize that because you didn’t test the product earlier, you failed the compliance testing.

Now, you have to perform a lengthy diagnostic investigation to fix some spurious emissions. Or, even worse, you have to address that one weird failure that you can only seem to reproduce if you’re standing on one leg during an eclipse that happens to coincide with a sea turtle spawning event. Then, you have to pay to either rework or remake the product to meet compliance standards. Then, you have to re-test and hope that something else doesn’t start failing. When you add it all up, the cost of failing to go through compliance now totals in the hundreds of thousands of dollars, and that is after potentially paying fines levied by the FCC that were mentioned above.

While this story describes a worst-case scenario from a business perspective (and is actually not all that hypothetical as I have seen similar things happen in my career), there are other negative outcomes from neglecting compliance as well. For example, distributors may not carry your product without UL and FCC markings, which limits your distribution network.

Finally, there is, of course, the safety of your consumers. Even if you feel confident that your product is safe, testing for certifications can reveal things you may not have previously considered, protecting both your users and your business. To avoid finding yourself in this trap consider certifications at the beginning of the product development cycle.

An Overview of the Major Regulators and Standards

Depending on where your product will be manufactured and sold, there are different regulatory agencies and standards with which you’ll need to comply. We’ll focus primarily here on the U.S., Canada, and Europe.

International Electrotechnical Commission (IEC) Certification

The IEC is an international organization that prepares and publishes “International Standards for all electrical, electronic and related technologies.” The United States, Europe, and Canada largely base their own national certification standards on those developed by the IEC, so you can think of it as the overarching regulatory body. The IEC has multiple committees and subcommittees which regulate different kinds of products and technologies.

Comité International Spécial des Perturbations Radioélectriques (CISPR) Certification

In English, the Comité International Spécial des Perturbations Radioélectriques means International Special Committee on Radio Interference. CISPR is an IEC committee that defines the specific set of tests that you need to do to comply with a certain standard, plus all the relevant details, including how to do the tests and how often.

In North America and Japan, CISPR-22 (known as EN-5022 in Europe) is the most relevant standard for information technology devices (like printers, computers, single word computers, etc.), and is used to regulate radiofrequency (RF) emissions and electromagnetic compliance (EMC).

Federal Communications Commission (FCC) Certification

FCC testing, along with UL standards (explained below), is the most relevant to products developed and sold in the United States. The FCC approval process is primarily focused on determining whether your product is emitting RF energy outside of your allowed limits, and on prohibiting interference with other devices and systems.

For most electronic equipment, FCC Part 15 standards are the most relevant and are divided into Class A (industrial, non-residential products) and Class B (consumer, residential products).

Here’s an informative guide from the FCC about how to certify computers and other digital devices. 

Industry Canada (IC) Certification

IC is the Canadian counterpart to the United States’ FCC, also focusing on RF emissions. The certification procedure for IC closely matches that of the FCC. To get certified for both, there are generally not many differences between the tests. The only added costs come with two separate application fees, one for each agency. If the manufacturer is not located in Canada, they will need an in-country representative.

Underwriters Laboratories (UL) Certification

UL is a global organization headquartered in the United States that sets standards for products ranging from mobile phones to plastic materials. While many of the regulations from organizations like FCC and CISPR are concerned with limiting RF emissions, UL regulations are focused on product safety (e.g., preventing electrical fires).

The UL safety standard that is currently used in the United States is UL 62368 (for Audio/Video, Information & Communication Technology Equipment).

Conformité Européenne (CE) Certification

Conformité Européenne is French for European Conformity, and it’s the universal standard for health, safety, and environmental regulatory compliance within the European Economic Area (EEA). Nearly every kind of product you could manufacture must have a CE marking and corresponding Declaration of Conformity in the EEA, from toys to water boilers, so this will most likely apply if you plan to market, manufacture, or sell there.

In order to get the official CE mark on your product, you’ll need to identify the EU regulations that apply to your product, complete your own conformity assessment, and create a technical file. Finally, you’ll need to make a Declaration of Conformity, which is a document signed by you confirming that your product complies with CE regulations. The regulations that apply to your product will determine what needs to be included in your declaration.

In Europe, the Declaration of Conformity is a legally binding document placing all liability on you, the manufacturer’s, shoulders. If your product is found to be non-compliant, it will be your responsibility to address and remedy any issues.

PTCRB Certification

The acronym for this regulator previously stood for PCS Type Certification Review Board, but it’s now a pseudo-acronym. They are “a certification organization established in 1997 by leading wireless operators to define test specifications and methods to ensure device interoperability on global wireless networks,” according to their website. Basically, this organization ensures that your product works well with cellular carriers like AT&T and T-Mobile. Verizon has its own carrier test you’ll need to perform.

GCF Certification

The acronym stands for Global Certification Forum. It is a world-wide certifying agency that consists of a network of “Operators, Manufacturers, and Observers.” Operators are typically carriers, manufacturer memberships are for those who either manufacture directly or put a product on the marketplace, and observer members are for anyone else who has an interest in cellular technology.

Annual membership is required in order to achieve product certification, and then an approved test facility must perform the compliance testing. Once a device is certified, the certification stays valid if the manufacturer does not wish to maintain an annual membership.

Perhaps the most notable benefit of obtaining GCF certification is that it is recognized worldwide. While it may not cover a device for all carriers, the test results from this test can minimize the number of carrier-specific tests that are required. This can not only save money but also time to market.


The Wi-Fi Alliance champions the use of Wi-Fi technologies to solve a wide range of problems. More importantly, they set the standards that help to ensure interoperability between the different generations of Wi-Fi devices. A Wi-Fi CERTIFIED product has been tested to ensure that these standards are met. In most industrial applications, the Wi-Fi module itself has been through this testing. In consumer markets, however, most components are Wi-Fi CERTIFIED, and not obtaining this certification can be a competitive disadvantage.

Bluetooth Special Interest Group (SIG)

The Bluetooth SIG is analogous to the Wi-Fi Alliance in championing the use of its technology. They also maintain the Bluetooth standard. Much like the W-Fi certification, Bluetooth qualification testing ensures that a device will maintain interoperability with other devices. In most situations, it is advised to build around radios that currently possess a Bluetooth declaration ID, and then pay a one time $9,600 declaration fee for your own product. This legally allows you to use the Bluetooth logo. If not done, your device may actually be held in customs. Note that you will have to become a Bluetooth SIG member, but there is a free tier.

Understanding How Regulations Affect Your Product

Now that you know why you should care about IoT product compliance and who the major players are in the space, how do you know if any of these rules apply to your product?

In Part 2 of this guide, we’ll talk about the kinds of devices that need to be certified, and in Part 3 we will review the costs and the process for certification, all so that you can approach your next product release with confidence.

If you’re looking for an expert IoT firm to guide you through product development, we’re here to help. Reach out to Very today.