IoT Product Compliance Guide, Part 1: Why Compliance Matters


Facebook Twitter Link

Improper procedure when it comes to getting your IoT products certified by the correct regulators can have serious impacts on time to market, as well as enormous legal and financial ramifications. 

The most challenging thing I’ve encountered while researching compliance standards over the years, however, is the lack of resources out there to help someone without a law degree understand what they need to do to get their products certified. With so much on the line, I wanted someone to explain to me in plain language exactly what matters and what doesn’t.

After spending easily hundreds of hours researching this topic both for the project in question and throughout my career, I finally came to a pretty robust understanding of IoT product certification, and I’m eager to share.

To that end, I’ve compiled this high-level overview of the regulations you need to know about as an electrical engineer and as a business leader to ensure your hardware meets the right standards. Note that throughout this guide, we’ll be focusing primarily on standards in the United States and Canada, with some mention of the regulations in Europe. 

**The information provided in this blog post does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Readers of this blog post should contact their attorney to obtain advice with respect to any particular legal matter.  

Why Product Certification Matters for IoT

There is no law that I am aware of that requires a product to be tested for compliance before being sold in the US, but these sorts of laws do exist in other parts of the world. Either way, the best time to consider certifications is at the beginning of the product development cycle. I’ll start with a story to illustrate why: 

Let’s say you’ve designed an awesome new product. You've done all the market research and the painstaking production, and you’ve already got your first models out in the field. 

Then, all of a sudden, you get a call from an electrical inspector telling you that you don’t have the proper certifications. After doing some digging, you find out a competitor is the one who reported you (unfortunately, this does happen occasionally). You now have to shut down your entire operation until you have the correct certifications. 

With this product serving as one of your key revenue streams, you can’t afford to halt production, so you do whatever you can to get your certification testing completed as quickly as possible. Typically, this means shelling out a lot more cash than you budgeted for, only to realize that because you didn’t test the product earlier, you failed compliance testing. 

Now, you have to perform a lengthy diagnostic investigation to fix some spurious emissions. Or, even worse, you have to address that one weird failure that you can only seem to reproduce if you’re standing on one leg during an eclipse that happens to coincide with a sea turtle spawning event. Then, you have to pay to either rework or remake the product to meet compliance standards. Then, you have to re-test and hope that something else doesn’t decide it wants to start failing. 

While this story describes a worst-case scenario from a business perspective, there are other negative outcomes from neglecting compliance as well. For example, distributors may not carry your product without UL and FCC markings, which limits your distribution chain. 

Finally, there is, of course, the safety of your consumers. Even if you feel confident that your product is safe, testing for certifications can reveal things you may not have previously considered, protecting both your users and your business. 

An Overview of the Major Regulators and Standards

Depending on where your product will be manufactured and sold, there are different regulatory agencies and standards with which you’ll need to comply. We’ll focus primarily here on the U.S., Canada, and Europe.

International Electrotechnical Commission (IEC) Certification

The IEC is an international organization that prepares and publishes “International Standards for all electrical, electronic and related technologies.” The United States, Europe, and Canada largely base their own national certification standards off of those developed by the IEC, so you can think of it as the overarching regulatory body. The IEC has multiple committees and subcommittees which regulate different kinds of products and technologies.

Comité International Spécial des Perturbations Radioélectriques (CISPR) Certification

In English, the Comité International Spécial des Perturbations Radioélectriques means International Special Committee on Radio Interference. CISPR is an IEC committee that defines the specific set of tests that you need to do to comply with a certain standard, plus all the relevant details, including how to do the tests and how often. 

In North America and Japan, CISPR-22 (known as EN-5022 in Europe) is the most relevant standard for information technology devices (like printers, computers, single word computers, etc.), and is used to regulate radiofrequency (RF) emissions and electromagnetic compliance (EMC). 

Federal Communications Commission (FCC) Certification

FCC testing, along with UL standards (explained below), is the most relevant to products developed and sold in the United States, as the FCC is a U.S. government agency. The FCC approval process is primarily focused on determining whether your product is emitting RF outside of your allowed limits, to prohibit interference with other devices and systems. 

For most electronic equipment, FCC Part 15 standards are the most relevant and are divided into Class A (industrial, non-residential products) and Class B (consumer, residential products).

Here’s an informative guide from the FCC about how to certify computers and other digital devices.    

Sign up for our newsletter

Join 10,000+ subscribers to get the latest IoT development news delivered to your inbox.

Industry Canada (IC) Certification

IC is the Canadian counterpart to the United States’ FCC, also focusing on RF emissions. The certification procedure for IC closely matches that of the FCC. To get certified for both, there are generally not many differences between the tests. The only added costs come with two separate application fees, one for each agency. If the manufacturer is not located in Canada, they will need an in-country representative.

Underwriters Laboratories (UL) Certification

UL is a global organization headquartered in the United States that sets standards for products ranging from mobile phones to plastic materials. While many of the regulations from organizations like FCC and CISPR are concerned with controlling RF emissions, UL regulations are focused on product safety (e.g., preventing electrical fires). 

The UL safety standard that is currently used in the United States (as of February 2020, when this blog was published) for Information Technology is UL 60950. However, since that standard will be updated to the UL 62368 (for Audio/Video, Information & Communication Technology Equipment) as of December 20, 2020, we recommend designing your products to fit this new standard.  

Conformité Européenne (CE) Certification

Conformité Européenne is French for European Conformity, and it’s the universal standard for health, safety, and environmental regulatory compliance within the European Economic Area (EEA). Nearly every kind of product you could manufacture must have a CE marking and corresponding Declaration of Conformity in the EEA, from toys to water boilers, so this will most likely apply if you plan to market, manufacture, or sell there. 

In order to get the official CE mark on your product, you’ll need to identify the EU regulations that apply to your product, complete your own conformity assessment, and create a technical file. Finally, you’ll need to make a Declaration of Conformity, which is a document signed by you confirming that your product complies with CE regulations. The regulations that apply to your product will determine what needs to be included in your declaration.

In Europe, the Declaration of Conformity is a legally binding document placing all liability on you, the manufacturer’s shoulders. If your product is found to be non-compliant, it will be your responsibility to address and remedy any ramifications.

PTCRB Certification

The acronym for this regulator previously stood for PCS Type Certification Review Board, but it’s now a pseudo-acronym for “a certification organization established in 1997 by leading wireless operators to define test specifications and methods to ensure device interoperability on global wireless networks,” according to its website. Basically, this organization ensures that your product works well with cellular carriers like AT&T and T-Mobile (Verizon has its own carrier test you’ll need to perform.) 

GCF Certification

The acronym stands for Global Certification Forum. It is a world-wide certifying agency that consists of a network of “Operators, Manufacturers, and Observers.” Operators are typically carriers, manufacturer memberships are for those who either manufacture directly or put a product on the marketplace, and observer members are for anyone else who has an interest in cellular technology.

Annual membership is required in order to achieve product certification, and then an approved test facility must perform the compliance testing. Once a device is certified, the certification stays valid if the manufacturer does not wish to maintain an annual membership.

Perhaps the most notable benefit of obtaining GCF certification is that it is recognized worldwide. While it may not cover a device for all carriers, the test results from this test can minimize the number of carrier-specific tests that are required. This can not only save money but also time to market.


The Wi-Fi Alliance champions the use of Wi-Fi technologies to solve a wide range of problems. More importantly, they set the standards that help to ensure interoperability between the different generations of Wi-Fi devices. A Wi-Fi CERTIFIED product has been tested to ensure that these standards are met. In most industrial applications, the Wi-Fi module itself has been through this testing. In consumer markets, however, most components are Wi-Fi CERTIFIED, and not obtaining this certification can be a competitive disadvantage.

Bluetooth Special Interest Group (SIG)

The Bluetooth SIG is analogous to the Wi-Fi Alliance in championing the use of its technology. They also maintain the Bluetooth standard. Much like the W-Fi certification, Bluetooth qualification testing ensures that a device will maintain interoperability with other devices. Again, in most industrial applications this is not pursued, but it is almost a requirement for devices to be sold to general consumers.

Understanding How Regulations Affect Your Product

Now that you know why you should care about IoT product compliance and who the major players are in the space, how do you know if any of these rules apply to your product?

In Part 2 of this guide, we’ll talk about the kinds of devices that need to be certified, and in Part 3 we will review the costs and the process for certification, all so that you can approach your next product release with confidence.

If you’re looking for an expert IoT firm to guide you through product development, we’re here to help. Reach out to Very today.

iot compliance guide