Self-declaration vs Notified Body: choosing your route
Guide · Conformity assessment module choice
To affix the CE marking, a manufacturer must choose a conformity assessment module from those its directive authorises. Decision 768/2008/EC defines eight, labelled A through H, ranging from pure self-declaration to a full audit of a quality system. For most electronic products the question collapses to a simple choice, module A in-house, or involve a Notified Body, but the boundary is not always clean. This page explains the mechanics of the choice, the technical and economic criteria behind it, and the classic pitfalls on each route.
The fundamental question
Section titled “The fundamental question”For a given product, the manufacturer first identifies the applicable directives, then for each one selects a conformity assessment module from the list that directive authorises. Most electronic directives (EMC, LVD, RoHS) offer only module A: no choice to make. The RED offers A, A1, B+C and H. Sectoral high-risk directives (medical, ATEX, pressure, lifts) impose Notified Body involvement above certain product classes.
The practical question is therefore twofold: am I in a case where a Notified Body is mandatory, and if not, is it worth involving one voluntarily?
The eight modules of Decision 768/2008/EC
Section titled “The eight modules of Decision 768/2008/EC”Decision 768/2008/EC is the reference text that codifies the modules. Each vertical directive (EMC, LVD, RED, etc.) picks from this palette the ones it authorises.
| Module | Title | NB involvement | Typical case |
|---|---|---|---|
| A | Internal production control | None | Pure self-declaration, the majority route |
| A1 | Internal control + supervised tests | NB for designated tests | RED when a harmonised standard is partially applied |
| A2 | Internal control + random checks | NB for occasional audits | Rare in electronics |
| B | EU-type examination | NB issues a type certificate | Preparatory step for C, D, E or F |
| C | Conformity to type (following B) | None (declaration based on B) | Self-declaration after a type certificate |
| C1 / C2 | C with tests or random audits | NB for tests or audits | Specific cases |
| D | Production quality assurance | NB audits production QA (ISO 9001-like) | Serial production, formalised quality |
| D1 | D without prior type examination | NB audits production QA | Variant |
| E | Product quality assurance | NB audits final inspection QA | Less common in electronics |
| F | Product verification | NB tests batch or units | Small critical batches |
| G | Unit verification | NB tests every unit | Industrial prototype, one-off |
| H | Full quality assurance | NB audits design + production QA | High-volume manufacturer, mature ISO QA |
Reading top to bottom: the deeper you go, the heavier the Notified Body involvement, and the higher the cost and lead time. But also the stronger the dossier coverage, which can matter against a demanding B2B market or a difficult market surveillance environment.
Modules available, directive by directive
Section titled “Modules available, directive by directive”The table below summarises the choices offered by the common electronic directives. This is the grid that decides, in practice, the route to take for a given product.
| Directive | Available modules | Notified Body mandatory? |
|---|---|---|
| Directive 2014/30/EU (EMC) | A only | No |
| Directive 2014/35/EU (LVD) | A only | No |
| Directive 2014/53/EU (RED) | A, A1, B+C, H | Depends on application of harmonised standards (art. 3.2 and 3.3) |
| Directive 2011/65/EU (RoHS) | A only (internal control) | No |
| Regulation 2017/745 (MDR, medical devices) | Variable by class | Yes from class IIa |
| Directive 2014/34/EU (ATEX) | B+C, B+D, B+E, B+F, G, H per category | Yes for most categories |
| Directive 2014/68/EU (pressure equipment) | Variable by risk category | Yes from category II |
| Directive 2014/33/EU (lifts) | B+E, B+D, B+F, G, H1 | Always |
| Directive 2006/42/EC (machinery) | A for most; B+C or H for annex IV | Yes for annex IV machines |
For a typical IoT product (Wi-Fi/BLE connected sensor, mains-powered), the applicable directives are EMC + LVD + RED + RoHS. EMC, LVD and RoHS impose module A. The RED leaves the choice open. If the RED harmonised standards fully cover the product, module A is enough across the board, no Notified Body. That is the most common situation in practice.
The RED special case
Section titled “The RED special case”The RED is the directive where the choice arises most often in consumer and industrial electronics. Four technical criteria decide:
- Are all article 3.2 harmonised standards fully applicable to the product? If yes, module A is possible. If no, partial A1 or B+C is required.
- Is article 3.1(a), health and safety, covered by EN 62368-1 and the field-exposure assessment (EN 62311 or EN 50385)? If yes, module A. If not, third-party examination.
- Does article 3.3, cybersecurity, data protection, fraud prevention, call for basic assurance only? With EN 18031 at basic level, module A remains possible. For substantial or high levels, or for requirements outside EN 18031, a Notified Body becomes necessary.
- Does the product use SDR (software-defined radio) or proprietary modes not described in standards? If yes, module B+C almost always.
For a cellular product with eSIM and substantial cybersecurity, the typical stack is RED EU-type examination + PTCRB certification + cybersecurity audit. The bill is heavy, but it matches a product that justifies it.
The decision framework
Section titled “The decision framework”Here is the path to follow, question by question, to decide which module to retain.
Question 1: Does the directive impose a Notified Body for my product?
Section titled “Question 1: Does the directive impose a Notified Body for my product?”For sectoral high-risk directives, the answer is dictated by the directive itself. A class IIa medical device, a zone 1 ATEX equipment, an industrial boiler, a passenger lift leave no choice: the Notified Body is mandatory along a grid defined by the directive.
→ If yes: the Notified Body is mandatory. The choice reduces to which module among those allowed, and which NB.
→ If no: continue to question 2.
Question 2: Are all applicable harmonised standards fully applied?
Section titled “Question 2: Are all applicable harmonised standards fully applied?”This is the central question for the RED. Presumption of conformity is invoked only if every essential requirement applicable to the product is covered by harmonised standards effectively applied in the dossier. A partially applied standard, for example because it does not cover a specific modulation of the product, leaves a gap that only a Notified Body can close.
→ If yes: module A possible. Continue to question 3.
→ If no: partial module A1 (for the tests not covered) or module B+C (for requirements not covered by any standard).
Question 3: Do I have a strategic interest in involving a Notified Body anyway?
Section titled “Question 3: Do I have a strategic interest in involving a Notified Body anyway?”Three legitimate reasons for voluntarily choosing an NB:
- Reduced legal risk on a new or complex product, a type certificate does not transfer liability, but it attests that a competent third party validated the design. In litigation, the defence is more solid.
- B2B credibility, industrial buyers, vehicle manufacturers, large integrators value (sometimes require) a type certificate as a tender document. It is an entry cost to a premium market.
- Export preparation, some third-country markets (Switzerland, United Kingdom, UAE, Singapore) accept the EU-type examination certificate as an entry document. This reduces the total cost of multi-regional certification.
→ If yes: module B+C or H (depending on volume and quality maturity).
→ If no: module A, the fastest and cheapest route.
Question 4 (RED 3.3 specific): What level of cybersecurity assurance is needed?
Section titled “Question 4 (RED 3.3 specific): What level of cybersecurity assurance is needed?”RED article 3.3(d), (e), (f) became applicable on 1 August 2025. The assurance level depends on the nature of the product and its exposure.
| Assurance level | Recommended module | Typical case |
|---|---|---|
| Basic | Module A with EN 18031 | Standard consumer IoT |
| Substantial | Module B (third-party examination) | B2B products, personal data processing |
| High | Module B + specialised third-party evaluation | Critical products, infrastructure |
Cost-benefit of each module
Section titled “Cost-benefit of each module”The table below gives order-of-magnitude figures for cost and lead time on an electronic product of average complexity. Ranges vary widely with the NB, the scope and the complexity.
| Module | Typical NB cost | Time added | When it is worth it |
|---|---|---|---|
| A | EUR 0 | 0 wks | Standard case, all harmonised standards applied |
| A1 | EUR 5 000 – 15 000 | 4 to 8 wks | RED with one partially-applied standard |
| B + C | EUR 8 000 – 30 000 | 6 to 16 wks | RED with proprietary modulation or RED 3.3 substantial |
| B + D | EUR 15 000 – 40 000 | 8 to 16 wks | Series production needing audited QA |
| B + F | EUR 10 000 – 25 000 (per batch) | 4 to 10 wks per batch | Small critical batches, industrial equipment |
| G | EUR 5 000 – 15 000 per unit | 4 to 8 wks per unit | Industrial prototype of high value |
| H | EUR 30 000 – 80 000 upfront + annual audits | 12 to 24 wks (setup) | High-volume manufacturer, mature QA |
On top of these, accredited ISO/IEC 17025 laboratory tests remain due whatever module is chosen.
Typical economic trade-off: for a one-off product manufactured in a few hundred units, module B+C is more cost-effective than module H. For a manufacturer releasing ten products a year in related families, module H becomes economically attractive from the fourth or fifth certification onwards.
Choosing the right Notified Body
Section titled “Choosing the right Notified Body”The NANDO database of the European Commission (New Approach Notified and Designated Organisations) references every NB by directive and member state. It is the mandatory starting point, an NB not listed in NANDO for the relevant directive cannot issue a valid certificate.
Selection criteria
Section titled “Selection criteria”- Precise notified scope. An NB may be notified for the RED but not for cybersecurity 3.3. Check the detailed list of tests and examinations covered in the NB's NANDO sheet.
- Real lead times. Quoted at 6-8 weeks, they can reach 16 weeks in peak periods (second half of the year, opening of new standards). Ask for a contractual commitment.
- Working language. Most NBs work in English. A few accept dossiers in French (LCIE Bureau Veritas in particular).
- Industrial reputation. For a B2B-bound product, the NB's name can weigh: a TÜV Rheinland or TÜV SÜD certificate opens doors others do not.
- Cost. NBs have different price grids; systematically ask for two or three comparative quotes.
Indicative list for electronics
Section titled “Indicative list for electronics”| NB | Number | Strengths |
|---|---|---|
| TÜV Rheinland | 0035 | Very broad coverage, strong B2B reputation |
| TÜV SÜD | 0123 | All radio types, cellular, medical device |
| DEKRA Certification | 0344 | Cellular, Wi-Fi, BLE, automotive |
| LCIE Bureau Veritas | 0081 | French, electrical-electronic, handles French dossiers |
| CETECOM | 0680 | Cellular specialist, SDR, OTA |
| Element (ex-TRP) | 1313 | Cybersecurity, SDR |
| INTERTEK Italia | 0359 | All radio types |
| 7Layers | 0700 | Cellular, OTA |
| Bureau Veritas Italia | 0426 | All radio types |
The four-digit number (e.g. 0123 for TÜV SÜD) accompanies the CE marking on the product when the NB has intervened. See the CE procedure for the affixing rules.
Frequent pitfalls
Section titled “Frequent pitfalls”On the self-declaration side
Section titled “On the self-declaration side”- Presumption of conformity claimed without backing it. Many manufacturers sign a DoC citing a harmonised standard without verifying it is fully applicable to the product. This is the most common non-conformity found in market surveillance checks.
- Obsolete standards. Citing a version withdrawn from the OJEU no longer brings presumption of conformity. Lists are updated several times a year, see our refresher on RED standards.
- Certified radio modules without integration documentation. The manufacturer believes it inherits the module's conformity without building its own dossier. False: the integrator must produce its own integration tests (EMC, safety, exposure).
- No formal risk analysis when the directive requires one (LVD, RED 3.1(a), Machinery).
- DoC signed by an unauthorised person or without a date. A formal flaw that invalidates the marking.
On the Notified Body side
Section titled “On the Notified Body side”- Poorly defined scope at kickoff. A scope too narrow forces re-testing; too broad inflates the quote. Pin down the scope precisely before signing.
- Confusion between type certificate and market authorisation. The type certificate attests technical conformity; it is not a marketing permit. The CE marking remains the manufacturer's responsibility.
- Underestimated lead times. Six quoted weeks become four months if a non-conformity is found and tests must be redone.
- Wrong working language. A French dossier submitted to an English-only NB forces a translation that costs time and money.
- Forgetting post-certification surveillance on modules D, E, H, annual audits are part of the contract.
The US analogue: SDoC vs Certification
Section titled “The US analogue: SDoC vs Certification”The US system has its own dichotomy. The FCC distinguishes two regimes for market placement:
- SDoC (Supplier's Declaration of Conformity): analogous to module A, for unintentional radiators (Part 15 Subpart B).
- Certification, analogous to module B+C, with mandatory involvement of a TCB (Telecommunication Certification Body) for intentional radiators.
See the FCC procedure for the detail of the US route. The analogy is not perfect, the FCC issues a unique FCC ID, the EU does not issue a centralised identifier, but the split between self-declaration and third-party certification cuts across both regimes.
A worked example
Section titled “A worked example”Case A: Wi-Fi/BLE IoT sensor, USB-powered, no personal data
Applicable directives: EMC, RED, RoHS. Harmonised standards: EN 55032, EN 55035, EN 300 328, EN 301 489-17, EN 62311, EN 18031-1 (basic level). All fully applied.
Decision: module A across the board. No Notified Body. 4-6 month schedule, EUR 15-25k testing budget. This is the most common route in industrial and consumer IoT.
Case B: Sub-GHz transmitter with proprietary modulation in the 868 MHz band
The modulation is not covered by EN 300 220. Every other aspect (EMC, safety, exposure) is covered by applied standards.
Decision: module A1 at minimum, with an NB supervising article 3.2 radio tests. If the modulation departs substantially from the standard's assumptions, module B+C becomes more prudent. Additional cost: EUR 8-15k for A1, EUR 15-30k for B+C. Added time: 6-12 weeks.
Case C: 4G/5G cellular router with substantial cybersecurity 3.3
Substantial cybersecurity falls outside the EN 18031 basic perimeter. The cellular product also requires PTCRB certification on the operator side.
Decision: RED module B+C, specialised cybersecurity audit in parallel, separate PTCRB certification. Three different NBs may intervene (RED radio, RED cybersecurity, PTCRB). Total NB cost: EUR 50-120k. Lead time: 6-9 months.
See the CE procedure, the RED procedure and the RED pillar for the detail of each route.
Sources & references
- Decision No 768/2008/EC, modules for conformity assessment , EUR-Lex eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32008D0768
- Directive 2014/53/EU (RED): annexes II to V , EUR-Lex eur-lex.europa.eu/eli/dir/2014/53/oj
- NANDO, database of Notified Bodies , European Commission single-market-economy.ec.europa.eu/single-market/goods/building-blocks/notified-bodies_en
- Blue Guide on the implementation of EU product rules , European Commission ec.europa.eu/docsroom/documents/49457