← Back to blog

Certifying an electronic product: CE, FCC and the Cyber Resilience Act

June 18, 2026 · 8 min read

You can have the best product in the world, but if it isn't certified you can't sell it legally. For an electronic device —especially one with radio (Bluetooth, WiFi)— certification isn't optional paperwork: without it you risk fines, market recalls and customs blocks. This is a clear guide to the three pieces that matter most today: CE/RED in Europe, FCC in the United States and the new Cyber Resilience Act.

What certifying means (and why it isn't optional)

Certifying means proving, with tests and documentation, that your product meets the rules of the market where you sell it: that it doesn't interfere with other equipment, that it's safe for people, that it uses the radio spectrum correctly and —increasingly— that it's cyber-secure. Each market has its own framework, and you must comply in every country where you sell.

CE and the RED directive (Europe)

The CE marking is mandatory to sell in the European Economic Area. For a product with radio, the key directive is the RED (Radio Equipment Directive), which bundles several aspects:

  • Spectrum use: the radio must transmit in the allowed bands and power levels.
  • Electromagnetic compatibility (EMC): it must not cause interference nor be affected by it.
  • Electrical safety and health: protecting people, including radiofrequency exposure (SAR) in body-worn devices.

In many cases you work with a self-declaration backed by lab tests and a technical file you must keep. Using pre-certified radio modules greatly reduces the scope of testing.

FCC (United States)

To sell a radio device in the US you need FCC certification (typically under Part 15). It involves testing at an accredited lab and obtaining an FCC ID that must appear on the product. It's conceptually similar to the European one, but with its own limits, procedures and labelling: certifying for Europe doesn't certify you for the US.

Cyber Resilience Act (CRA): the change that rewrites the rules

The Cyber Resilience Act is Europe's new cybersecurity regulation for "products with digital elements" (almost any connected device). It entered into force in late 2024 and its main obligations apply from 2027 (with vulnerability reporting required earlier, in 2026). From then on, CE marking will also mean meeting cybersecurity requirements. In practice it forces you to:

  • Security by design: the product must be secure by default, not as an afterthought.
  • Security updates: the ability to patch vulnerabilities throughout the product's life — i.e. a solid secure OTA system.
  • Vulnerability management: a process to detect, fix and report them, plus a software bill of materials (SBOM).

The CRA turns cybersecurity into a legal requirement, not an optional best practice. It's worth designing with it in mind from now on.

Preparation checklist (pre-compliance)

Reaching the tests unprepared is a recipe for failing and redesigning. This list helps you arrive with confidence:

  • Define from the start which markets you'll sell in (Europe, US, others): it determines which certifications you need.
  • Use pre-certified radio modules if you can: they cut testing, cost and risk.
  • Design the hardware with EMC in mind (grounding, filtering, layout): most failures are EMC-related.
  • Do pre-compliance: informal early tests to catch problems before the official lab.
  • Implement security and OTA (signing, encryption, updates) to meet the CRA.
  • Prepare the technical file: schematics, bill of materials, risk assessment and manuals.
  • Get labelling and documentation right (CE marking, FCC ID, declarations of conformity).
  • Plan time and budget: certification takes weeks and a failure delays the launch.

Common mistakes

  • Leaving certification until the end: if something fails, the redesign costs weeks and money.
  • Forgetting EMC in the PCB design.
  • Assuming that certifying in Europe covers the US (or vice versa).
  • Ignoring the CRA and discovering too late that the whole security and update layer is missing.

Conclusion

Certification is what turns a prototype into a product you can actually sell. Planning it from the design stage —radio, EMC, safety and cybersecurity— avoids expensive surprises and launch delays. At Regular Solids we design with certification in mind and support pre-compliance and test preparation (CE, FCC, RED) as well as the CRA's cybersecurity requirements. If you're about to launch a product, tell us and we'll prepare it well from the start.

Note: this article is an informational guide, not legal advice. Regulations evolve; always confirm the current requirements for your product and market.

Keep reading