Which certification families does a smart lock trigger?

Five families stack together. Radio (RED in the EU, FCC and ISED in North America, plus protocol qualification such as Bluetooth, Zigbee, Thread or Wi-Fi), electrical or battery safety, cybersecurity (RED article 3.3, EN 18031, then the CRA), environment (RoHS, REACH, WEEE, the battery regulation) and, depending on the door, building and fire-egress requirements. None is optional once its trigger is present.

Does a consumer smart lock need a notified body?

Usually not. A common radio lock self-declares through RED module A as long as the harmonised standards apply in full. A notified body becomes useful or necessary when a radio standard cannot be fully applied, or when the lock falls within the scope of a fire door or a safety device regulated elsewhere. RED 3.3 cybersecurity is also self-declared using the EN 18031 series.

Does a battery-powered lock escape the Low Voltage Directive?

Yes for the LVD in the strict sense, which only covers equipment designed for 50 to 1000 V AC or 75 to 1500 V DC. A lock powered by AA cells or a lithium battery stays below the threshold and is therefore not LVD equipment. But safety is then carried by IEC 62368-1 under the RED essential safety requirement, while the lithium cell must meet IEC 62133-2 and UN 38.3 for transport.

Is cybersecurity mandatory for a smart lock in the EU?

Yes. Since 1 August 2025, RED article 3.3 has required network, personal data and fraud protection for any internet-connected radio equipment. A smart lock falls squarely within scope. The formal route to presumption of conformity runs through the EN 18031 series published in the OJEU. The Cyber Resilience Act then takes over from 11 December 2027 for all products with digital elements.

Must a smart lock follow fire or escape-route rules?

It depends on the door. On a fire door or an emergency exit, the hardware falls under EN 1634, EN 179 or EN 1125, and the lock must never prevent free egress from the inside, even with no power. These requirements belong to construction and fire-safety law, distinct from radio CE marking. For a residential lock on an ordinary door, they generally do not apply.

Does a pre-certified radio module remove all radio testing?

Only partly. A pre-certified BLE or Wi-Fi module carries its own authorisation, which the integrator often inherits under conditions (identical or listed antenna, unchanged firmware, layout rules respected). The finished lock still owns its overall EMC, RF exposure, safety and the declaration. The module reduces the scope of radio testing but removes neither the technical file nor protocol qualification with the relevant alliance.

Does a Matter lock also need Thread or Wi-Fi certification?

Yes, Matter certification builds on an already-qualified underlying transport layer. A Matter lock on Thread must be Thread Group certified, and the device almost always embeds Bluetooth Low Energy for commissioning, which triggers Bluetooth SIG qualification. Matter, Thread and BLE are three distinct certifications that add up, on top of regulatory RED or FCC radio conformity on the same airwaves.

How many distinct marks does a global smart lock carry?

Several. For an EU plus North America launch you typically combine CE marking, a US FCC ID and a Canadian ISED identifier, alongside the protocol alliance logos (Bluetooth, Zigbee, Thread, Matter, Wi-Fi). Each additional market adds its own national mark. Set the geography list early, because catching up a market after design freeze costs far more.

Certifying a smart lock: the full stack

Author Hugues Orgitello Last updated 29 May 2026 ~8 min read

Guide, smart lock

A smart lock is, from a regulatory standpoint, one of the densest consumer products there is. A single enclosure holds a radio, control electronics, an energy source (cells or a battery), sensitive personal data (who opens, and when) and a physical security function in the literal sense. Each of these traits triggers its own conformity family, and they stack rather than exclude one another. This page is a navigation map: it walks the full stack (radio, safety, cybersecurity, environment, building), states for each layer what you will need, and links out to the matching detailed guide. Read it to scope the project, then follow the links.

Five layers to stack

Before choosing any standard, set the structure. A smart lock triggers five conformity families that can be treated as independent layers, each with its own physical or functional trigger.

Layer	Trigger in the lock	EU framework	US and CA framework
Radio	Any intentional radiator (BLE, Zigbee, Thread, Wi-Fi)	Directive 2014/53/EU (RED)	FCC Part 15, ISED RSS
Safety	Electrical energy or lithium cell	IEC 62368-1 or battery	NRTL scheme
Cybersecurity	Internet connection, personal data	RED art. 3.3, EN 18031, CRA	NIST, Cyber Trust Mark label
Environment	Substances, waste, battery	RoHS, REACH, WEEE, batteries	Prop 65, conflict minerals
Building and fire	Mounted on a fire door or exit	EN 179, EN 1125	Local codes

The golden rule: one layer never exempts another. A radio lock is not "either radio or cybersecurity", it is both, plus safety, plus environment. The RED has the particularity of absorbing EMC, safety and cybersecurity requirements under a single CE marking for radio products, but the documentation must address each essential requirement separately. For the general mental model, see our getting started with certification guide.

Radio layer: RED, FCC, ISED and protocol qualification

This is the most visible layer, and it splits in two. Two things are often confused: regulatory radio conformity (which authorises transmission on a country's spectrum) and protocol qualification with its alliance (which authorises logo use and interoperability).

Regulatory radio conformity

In the EU, article 3.2 of Directive 2014/53/EU requires efficient spectrum use. A lock operating in the 2.4 GHz band (BLE, Zigbee, Thread, Wi-Fi) applies EN 300 328; radio EMC runs through EN 301 489-17 and field exposure through EN 62311. In the United States, the same transmitter falls under FCC Part 15 (subpart C for intentional radiators) and receives an FCC ID. In Canada, ISED applies its Radio Standards Specifications (RSS), notably RSS-247 for licence-exempt devices.

Band and tech	EU standard (art. 3.2)	US and CA reference
BLE / Zigbee / Thread 2.4 GHz	EN 300 328	FCC Part 15.247, ISED RSS-247
Wi-Fi 5 GHz	EN 301 893	FCC Part 15E, ISED RSS-247
Radio EMC	EN 301 489-17	FCC Part 15B
RF exposure	EN 62311	FCC SAR / MPE

For the full EU sequence, the RED checklist guide details the 3.1(a), 3.1(b), 3.2 and 3.3 tests. For a comparison of the two North American systems, see ISED versus FCC.

Protocol qualification

The logo and interoperability belong to a private programme, distinct from the regulator. Depending on the embedded technology, you combine:

Bluetooth Low Energy: Bluetooth SIG qualification, almost systematic since BLE serves commissioning even on a Thread or Zigbee lock.
Zigbee: Zigbee CSA certification.
Thread: Thread Group certification.
Wi-Fi: Wi-Fi Alliance certification.
Matter: Matter certification, which requires the transport layer (Thread or Wi-Fi) and the commissioning BLE to be qualified first.

A Matter-over-Thread lock therefore carries up to four distinct logos (Matter, Thread, BLE, plus radio CE marking), each with its own file and its own fees.

Safety layer: LVD, IEC 62368-1 or battery

The deciding question is the power supply. It sets which safety requirement applies.

The Low Voltage Directive threshold

The Directive 2014/35/EU (LVD) only covers equipment designed for a voltage between 50 and 1000 V AC, or 75 to 1500 V DC. A smart lock almost always operates below this threshold, on AA cells, a rechargeable lithium battery, or an external low-voltage power supply. Below the threshold, the lock is not LVD equipment.

Safety does not vanish for all that: it is carried by the essential safety requirement of Directive 2014/53/EU (article 3.1a), demonstrated through IEC 62368-1 (European version EN 62368-1). This is the same safety standard as for audio/video and IT equipment. The IEC 62368-1 guide details its energy-class logic.

Only the rare locks powered directly from the mains through an internal transformer fall within the LVD scope proper. See the Low Voltage Directive guide.

Lithium cell safety

A lock with a lithium battery adds a dedicated sub-layer. The cell or pack must meet IEC 62133-2 for safety, and UN 38.3 for transport (altitude, thermal shock, short-circuit tests). These two references are distinct and both required. The battery safety and transport guide covers the tests; the lithium shipping guide handles logistics.

Power supply	Applicable safety	Guide
AA / alkaline cells	IEC 62368-1 (electronics)	IEC 62368-1
Lithium battery	IEC 62368-1 + IEC 62133-2 + UN 38.3	Batteries
Low-voltage mains adapter	IEC 62368-1 (adapter marked separately)	IEC 62368-1
Mains via internal transformer	Full LVD	LVD

Cybersecurity layer: RED 3.3, EN 18031, then CRA

A smart lock is a prime target: it guards a door, it knows the comings and goings, it can be commanded remotely. Regulation has caught up with it on two fronts.

RED article 3.3 and the EN 18031 series

Since 1 August 2025, article 3.3 of Directive 2014/53/EU, activated by Regulation (EU) 2022/30, has required for any internet-connected radio equipment three essential requirements: network protection (3.3d), personal data protection (3.3e) and fraud protection (3.3f). A smart lock falls squarely within scope. Presumption of conformity runs through the EN 18031 series (EN 18031-1, -2 and -3) published in the OJEU in January 2025. The EN 303 645 guide explains how this worldwide baseline relates to the harmonised EN 18031 standards.

In practice, a conformant lock bans any default password common across the fleet, signs its firmware updates, stores its secrets in a hardware element, and publishes a vulnerability disclosure policy.

Cyber Resilience Act

The Regulation (EU) 2024/2847 (CRA) takes over on 11 December 2027 for all products with digital elements. It broadens the obligations (vulnerability handling across the whole life cycle, incident notification, a documented support period). See the Cyber Resilience Act guide. For markets outside the EU, the worldwide baseline remains EN 303 645; the EN 303 645 guide details the national labels (PSTI in the UK, CLS in Singapore). On the US side, the reference is the NIST SP 800-213 baseline and the US Cyber Trust Mark.

Environment layer: substances, waste, battery

This layer is transversal to every electronic product sold in the EU and folds in under CE marking.

Obligation	Scope for a lock	Guide
Directive 2011/65/EU (RoHS)	Restricted hazardous substances in electronics	RoHS
REACH	Chemical substances, SVHC, SCIP notification	REACH
WEEE	Crossed-out bin mark, WEEE registration	WEEE
Regulation (EU) 2023/1542	Battery: marking, removal, declaration	Battery regulation

The battery regulation is especially structuring for a lock with an integrated battery: in due course it requires the portable battery to be removable and replaceable by the user, plus a capacity and lifetime label. Anticipate it from the mechanical design onwards. For the Californian market, the Proposition 65 guide covers substance warnings, and the conflict minerals guide covers the supply chain.

Building and fire-egress layer

This is the layer electronics teams most often forget, because it does not belong to radio CE marking but to construction law. It applies only depending on the door the lock is mounted on.

Ordinary residential door: generally no specific building requirement. Only the previous layers apply.
Emergency exit: the hardware must guarantee free egress. EN 179 covers emergency exit devices (lever or pad) for premises where users know the layout; EN 1125 covers panic exit bars for premises open to the public. An electronic lock must never prevent egress from the inside, even with a flat battery or no power: the mechanism must fail to the unlocked position on the egress side (fail-safe on exit).
Fire door: EN 1634 governs the fire resistance of the door-plus-hardware assembly. Any lock fitted on a certified fire door must be compatible with the door's test report, on pain of invalidating its fire certification.

These requirements belong to national construction and fire-safety codes that vary from one country to another. They add to, and never replace, the radio, safety and cybersecurity layers.

Procedure: scope the project layer by layer

List the markets. Set the geographies at launch and at eighteen months. Each region adds its marks (CE, FCC ID, ISED) and sometimes local tests.
Inventory the radios. One radio or several? BLE alone, BLE plus Thread, Wi-Fi? Each technology triggers regulatory conformity and alliance qualification.
Decide the power supply. Cells, lithium battery or mains? The answer fixes the safety layer (IEC 62368-1, battery, or LVD).
Map cybersecurity. EU: RED 3.3 plus EN 18031 today, the CRA by 2027. Outside the EU: EN 303 645 and national labels.
Cover the environment. RoHS, REACH, WEEE and the battery regulation are near-systematic for a product sold in the EU.
Qualify the mounting. Ordinary door, emergency exit or fire door? This conditions the building layer.
Assemble the technical file. A single technical file consolidates every essential requirement, followed by the EU declaration of conformity.

For order-of-magnitude timing and budget, see the timeline and costs guides.

Decision table: what do I need?

If your lock...	Then you need...	Guide
Transmits in 2.4 GHz in the EU	RED art. 3.2 via EN 300 328	RED checklist
Is sold in the United States	FCC ID, equipment authorisation	FCC ID and TCB
Is sold in Canada	ISED radio certification	ISED Canada
Embeds BLE	Bluetooth SIG qualification	Bluetooth SIG
Embeds Thread or Matter	Thread and Matter certifications	Matter
Uses a lithium battery	IEC 62133-2 plus UN 38.3	Batteries
Is internet-connected (EU)	RED 3.3 via EN 18031, then the CRA	CRA
Holds an integrated battery (EU)	Regulation (EU) 2023/1542	Battery regulation
Mounts on an emergency exit	EN 179 or EN 1125, fail-safe on exit	(national construction codes)

Common pitfalls

Pitfall	Consequence	Remedy
Handling radio without cybersecurity	Incomplete RED file, CE marking invalid since August 2025	Map RED 3.3 and EN 18031 at scoping
Believing a battery lock escapes all safety	Requirement 3.1a not covered	Demonstrate safety through IEC 62368-1
Forgetting alliance qualification	Matter or Bluetooth logo barred, commercial blocker	List the protocols and their programmes early
Ignoring UN 38.3 on the cell	Air shipment blocked	Qualify the cell before mass production
Fitting a non-fire-rated lock to a fire door	Door's fire report invalidated	Check the door's report before integration
Preventing free egress on the exit side	Serious fire-safety non-conformity	Design the mechanism fail-safe on exit
Not anticipating a removable battery	Late mechanical redesign	Read the battery regulation at design time

Sources and references

Sources & references

Directive 2014/53/EU on radio equipment (RED) , EUR-Lex eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014L0053
Delegated Regulation (EU) 2022/30, activation of RED article 3.3 , EUR-Lex eur-lex.europa.eu/eli/reg_del/2022/30/oj
Regulation (EU) 2024/2847 on cyber resilience (Cyber Resilience Act) , EUR-Lex eur-lex.europa.eu/eli/reg/2024/2847/oj
ETSI EN 300 328, wideband transmission systems in the 2.4 GHz band , ETSI www.etsi.org/deliver/etsi_en/300300_300399/300328/
Title 47 CFR Part 15, radio-frequency devices (FCC) , United States Government (eCFR) www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-15
IEC 62368-1, audio/video, information and communication technology equipment , IEC webstore.iec.ch/publication/27412
Regulation (EU) 2023/1542 concerning batteries and waste batteries , EUR-Lex eur-lex.europa.eu/eli/reg/2023/1542/oj