Certification and Regulatory Requirements for Product Developers

If you’re designing a physical product, you have an important responsibility to ensure your creation will be a good citizen of the world. It should meet all legal requirements, be valuable and safe for your customers, and minimize environmental impact. Determining which standards your product is required to meet can be a daunting task. It can also be an especially strategic one if you’re at a startup where resources are limited, and missteps can be the end of the road.

Here, I’ll outline some common sources of requirements, considerations about which requirements apply to your product, and most importantly, how to design your product to meet them.

Where Do Requirements Originate?

Here’s a question I often hear from people building a product with a hardware component:

What am I required to comply with or test, before I can ship my product?

They’re typically trying to navigate the complex set of international, domestic, and state regulatory requirements for their product. The answer is somewhat unsatisfying and typical of most engineering problems: It depends.

If you call a test lab to shed some light on the situation, an initial conversation usually goes like this:

You: “What do I need to test to ship my product?”
Test Lab: “Here are all the tests we offer.”
You: “Right, I saw that on your website, but which ones do I have to do?”
Test Lab: “Which tests would you like?”
You: …

There are some hard regulatory requirements, but many test requirements are your decision, based on your standards for a good product, or non-regulatory external factors.

Requirements come from a number of sources, including:

  • State/national regulations — FCC, CE, UN/DOT 38.3, etc.
  • Customer preferences or requirements — IP67, etc.
  • Use of technology brand names — Qi, Bluetooth, etc.
  • Distributor safety requirements — UL, etc.
  • Service provider requirements — PTCRB for cellular
  • Internal company requirements for product performance or risk mitigation

I’ll talk through a few of these common categories, but the goal of this post is to guide you through the process of determining your requirements, not to specify them. Only you can do that comprehensively.

Also, major disclaimer: Regulatory requirements frequently change, so be sure to check on the latest.

Let’s take an in-depth look at the regulatory requirements of a few major hardware categories.

Electromagnetic Compatibility

A device being interrogated at Keysight Technologies’ EMC lab

Electromagnetic Compatibility (EMC) is the catch-all term commonly used to describe the testing of radio emissions for your product (though EMC technically refers to unintended radiation or reception).

Federal Communications Commission Compliance

The major relevant regulation in the United States is FCC Title 47, Part 15 (the gory details) which regulates spurious emissions and low-power broadcasting. All products with electrical signals >9kHz, whether or not they have a radio, must be reviewed to comply before they can be sold (or even advertised)in the U.S.

For unintentional radiators (Part 15b):

  • Usually referred to as “FCC verification.”
  • Self-declaration process, not a certification, but testing is required by a lab registered with the FCC.
  • Required, even if you do not have a radio but have signals >9kHz.
  • Required, even if you use a pre-certified RF module.
  • This testing can cost ~$2k and take a couple of weeks for test and paperwork, depending on lab scheduling.

For intentional radiators (Part15c):

  • Usually referred to as “FCC certification.”
  • Required if you have a radio and an external/discrete antenna (i.e., not a pre-certified RF module).
  • This can include Specific Absorption Rate (SAR) testing, depending on intended use with human body proximity.
  • This testing can cost $10–20k and take 4–6 weeks for test and paperwork, depending on lab scheduling.

Apple’s anechoic chamber for radio emission testing.


International EMC

Similar requirements exist for all international markets: CE (Europe), IC (Canada), MIC/VCCI (Japan), etc.

Testing for multiple regions at once can reduce overall certification costs, but the common path for small companies or first-generation products is to start in one country, until you’ve proven market traction and can scale manufacturing, before going international.

Pre-Certified Radio Modules

Pre-certified RF modules are a great choice for many product designs. They minimize the cost to certify your product, avoid the design time/cost/risk for a custom solution, and reduce your manufacturing test requirements. Those benefits can come with a tradeoff in component cost, antenna performance, or form-factor, but it’s often a no-brainer for a first-generation product.

Two important caveats:

  • Be aware that modular certifications have grant conditions that specify use case conditions, like installation method, distance to the human body, co-location, and simultaneous transmission with other radios. If your use case falls outside of those conditions, you may be required to do supplemental testing.
  • Manufacturer reputation and quality matter. Even if a module part number has a pre-certification, you can fail a test if there was a quality issue with the particular module you built with and submitted to test.

Do Design Changes Trigger Re-Testing?

Another common question is, “If I change something with my device design or sourcing, do I have to re-certify?”

  • Updates to the antenna or enclosure that would impact radio characteristics almost always require some amount of additional testing.
  • There is a “Permissive Change” process that can allow you to submit limited testing. Consult with your test lab.


Upon being granted FCC certification, information about your product will typically be published publicly online.

Images from the public FCC database for iPhone

This is not necessarily a major concern, but you can file a Request for Confidentiality, to keep things like photos of internal components and block diagrams confidential for a short term (180 days from grant), or longer, for some documents.

Marking Requirements

Excerpts from the FCC spec:

Screenshot from the FCC spec

Physical FCC ID labels must be located on the surface of the product or within a user-accessible nondetachable compartment (such as the battery compartment). The label shall be permanently affixed, permitting the device to be positively identified.

When the device is so small, or for such use that it is impracticable to label with a font size that is four-points or larger (and the device does not utilize electronic labeling), then the FCC ID shall be placed in the user manual, and the FCC ID shall also be placed either on the device packaging or on a removable label attached to the device.

Products with a built-in display, or that only operate in conjunction with another product that has an electronic display, have the option to display on the electronic display the FCC Identifier, any warning statements or other information that the Commission’s rules would otherwise require to be shown on a physical label attached to the device.

There are also requirements for placing compliance statements in your user manual. Definitely read the spec.

The international declaration requirements often require user manuals, as well.

Before You’re Certified…

You can apply for a Special Temporary Authority (STA) to operate for typically 6 months prior to certification.

In addition, §2.803, “Marketing of radio frequency devices prior to equipment authorization,” outlines some situations in which you can distribute your device with appropriate disclaimers, including:

A radio frequency device may be advertised or displayed (e.g., at a trade show or exhibition) if accompanied by a conspicuous notice containing this language:

This device has not been authorized as required by the rules of the Federal Communications Commission. This device is not, and may not be, offered for sale or lease, or sold or leased, until authorization is obtained.

Communications Protocols

Wi-Fi, Bluetooth and MFi comes with its own standards.

There are non-government organizations that publish protocol standards, list products that comply with those standards, and allow you to use branded protocol marks and trademarks, like WiFi Alliance and Bluetooth SIG. Labs can conduct the testing for you, but consider whether the cost is worth it for your application.

Approval for certain third-party device interoperability (notably, Apple’s MFI program) may require third-party testing and specific hardware in your device.

Safety Standards

Battery compression testing using Instron’s testing rig.

Safety standards typically come from standards organizations like IEC 60950 for IT equipment or ISO 60601 for medical devices. Test labs like UL develop their own test specs from those standards.

In addition to being a source of specs and testing, the labs are listing and reputation services. Each Nationally Recognized Testing Laboratory (NRTL) has its own brand mark:

  • UL is the most recognized and most often required mark, but other labs have similar specs and testing capabilities, because they’re all derived from the same standards.
  • If you don’t have a specific customer requirement for UL, testing against another spec/lab can be a more cost-effective path.
  • The NRTLs usually also offer all the EMC testing that you’ll need.
Labs have a large number of different test specs that apply to various product categories.

These tests are usually not a strict regulatory requirement in the U.S., but they’re often required by distributors or customers. They’re valuable to design and test against, too, to ensure you’re building a safe product.

A test lab rep can help you determine which test spec applies to your product. This can be easy, if there is a clear pre-existing category, or difficult, if you have a new type of product that doesn’t fit cleanly.

Here’s a common safety testing flow:

  • Talk to a rep early in your design phase, to determine relevant specs.
  • Buy the spec.
  • Design your product to meet the spec.
  • Conduct internal testing, to be confident that your products meet the spec.
  • Iterate on design and testing, if necessary.
  • Submit devices for final certification from the test house.

Remember: Working with a safety test lab and conducting safety testing still doesn’t ensure safety 100%. That’s ultimately determined by your design, your quality control, and users’ behavior.

Battery Specifics

Another common hard requirement is UN/DOT 38.3.

  • Required to ship lithium ion or lithium metal batteries in the U.S. (by air, sea, or road).
  • Tests altitude, thermal, vibration, shock, short circuit, impact, overcharge, and forced discharge.
  • Off-the-shelf batteries from reputable vendors usually already have this certification.
  • If you have a custom battery, you or your vendor need to certify your battery.

Dust and Water Ingress

Ingress protection ratings (IP ratings) have some traction as marketing specs and can be helpful in determining design requirements, but they come with many caveats:

  • Specs can be misleading for users, and it’s important to explain uses cases in common language, in addition to specs. Jumping in a pool might induce higher pressures than 1m submersion.
  • Often, your internal test plan should include *more* tests to cover your expected use cases than the target IP rating spec requires.
  • You’ll need robust internal testing to iterate on your product. Third-party testing should be a final step to receive a test report, if needed.
  • Product performance is often highly dependent on assembly process (glue curing, gasket assembly, ultrasonic welding, etc.), and quality (enclosure dimensions).
  • Product performance can also vary widely with time in the field (plastics aging, seal breaking after being dropped, etc.).

Environmental Standards

Chemical analysis lab answering the question, “Will it blend?”

Compliance with specific environmental standards can be required, depending on your industry and shipping region:

  • RoHS — Restriction of Hazardous Substances (lead, mercury, etc.), required for CE marking and sale in CA.
  • Prop 65 — Statement or testing required for CA, “This product contains chemicals known to the State of California…”
  • WEEE — Waste Electrical & Electronic Equipment (a.k.a. “the wheelie bin”) — all applicable products in the EU market must pass.
  • Reach — Registration, Evaluation, Authorization and Restriction of Chemicals, for the EU.
  • California Battery Charger — Mandatory efficiency standard for federally regulated battery chargers that became effective for products manufactured on or after June 13, 2018.

Other environmental and supply chain ethics standards are gaining traction in industry adoption and market value:

  • Halogen Free — Evolving definition and specs, some overlap with RoHS.
  • ASTM/Bio-preffered — USDA label to identify bio-based products.
  • Conflict Free — Minerals originating from well-managed mines — controlled sources & reclaimed materials.

Reviewing Your Overall Plan

Who should review your requirements and test plan? Sources of input, though they will sometimes contradict each other:

  • Test houses
  • Certification consultants
  • Your lawyers
  • Your contract manufacturer
  • Your advisors
  • Other founders/engineers/PMs who have a similar product

Talk to all of these people for input, but be aware that it will ultimately fall on you to balance risk and decide on a plan.

Creating a Culture of Quality and Safety

A final reminder: Testing itself does not make your product pass any of the standards I’ve discussed. It must be designed to do so.

Looking back at our original question (What am I required to comply with or test before I can ship my product?), we can add another question that’s just as important:

How should I design my product to satisfy my requirements?

In the early stages of your product design, I highly encourage every company to go through a Failure Mode and Effects Analysis (FMEA). FMEA is an important *design* tool to manage risk and develop test plans. In the process, you:

  • Consider ways your product might fail or be used in unintended ways.
  • Describe the consequences of a failure.
  • Score the likelihood and severity of the failure.
  • List ways in which you could mitigate the risk in your design.
  • List the tests you will use to evaluate your mitigation.

Ultimately, your product is only as safe as you design it to be and as safe as the quality standards you choose to maintain in your manufacturing supply chain.

Helpful Links

Here are some assorted links to NRTLs, other test labs, and consultants, for reference:

Tyler is a Partner at Bolt investing in pre-seed companies at the intersection of the physical and digital world. You can find him on LinkedIn, on Twitter, and over at the Teardown Library

Bolt invests at the intersection of the digital and physical world.