What is a substantial modification under the EU Blue Guide?

A substantial modification is a change made to a product after it has been placed on the market that affects its compliance with the applicable essential requirements, or that changes its original performance, purpose or type. The Blue Guide explains that when a product is substantially modified, it can be regarded as a new product. The party who carries out the modification then takes on the obligations of a manufacturer: new conformity assessment, new technical file, new declaration of conformity, and where required new CE marking.

Does a repair count as a substantial modification?

Generally no. Restoring a product to its original condition by replacing a worn or defective part with an equivalent one is maintenance, not modification, and does not create a new product. The line is crossed when the work changes the original performance, purpose or type, or when it reintroduces or worsens a risk addressed by an essential requirement. A repair that keeps the product within its original specification stays outside the substantial modification concept.

Can a software or firmware update be a substantial modification?

Yes. The Blue Guide and recent EU legislation treat software as part of the product. A firmware update that changes the intended function, adds a radio mode, alters the safety behaviour, or modifies a cybersecurity property can trigger a fresh conformity assessment. Routine bug fixes and security patches that keep the product within its assessed scope normally do not. The Machinery Regulation 2023/1230 and the Medical Devices Regulation make the software dimension explicit.

Who becomes responsible after a substantial modification?

The natural or legal person who carries out the substantial modification, and who then makes the modified product available on the market, takes on the manufacturer obligations for the changes. This can be the original manufacturer, but it can also be an importer, a distributor, a refurbisher or an end user who modifies a product and then places it on the market again. Taking on manufacturer obligations means full responsibility for the conformity of the modified product.

Does refurbishing a used product trigger a new conformity assessment?

It depends on the depth of the work. Cleaning, testing and replacing worn parts with equivalents is reconditioning and stays outside the concept. Re-manufacturing that upgrades performance, changes the function, or rebuilds the product to a different specification can make it a new product. The forthcoming push on circularity and the Ecodesign for Sustainable Products Regulation make this distinction increasingly important for the second-hand and refurbished market.

How does this compare with the US FCC permissive change classes?

The FCC uses a graded permissive change scheme for already-authorised equipment: Class I changes need no filing, Class II changes need a filing and updated test data under the same FCC ID, and Class III covers software changes to software-defined radios. The EU has no equivalent graded scheme. There is a single binary question, is the change substantial or not. If it is, the modified product is treated as new and the full conformity assessment route applies again.

Do I always need a Notified Body again after a substantial modification?

Only if the applicable conformity assessment route requires one. If the original product was self-declared under module A and the modified product can still be self-declared, no Notified Body is involved. If the directive imposes a Notified Body for that product type, or the modification introduces a requirement that cannot be self-declared, then the Notified Body must be involved again for the affected scope. The trigger is the assessment route, not the modification itself.

Substantial modification: when to re-certify in the EU

Author Hugues Orgitello Last updated 28 May 2026 ~13 min read

Guide · Modification and recertification under EU law

A product placed on the EU market with a valid CE marking is not frozen forever. It can be repaired, upgraded, refurbished and updated, sometimes by the original manufacturer, sometimes by a third party. The question that decides everything is whether the change is a "substantial modification". If it is, the Blue Guide says the modified product can be treated as a new product, and whoever carried out the change inherits the full obligations of a manufacturer: a new conformity assessment, a new technical file, a new declaration of conformity, and possibly a new CE marking and renewed Notified Body involvement. This guide explains the concept, the criteria that trigger it, the cases where it does not apply, and the practical consequences, with a short comparison to the US FCC permissive-change classes.

Why the concept exists

EU product law rests on the idea of "placing on the market": the moment a product is first made available in the Union. The conformity obligations attach at that moment, against the product as it was at that moment. The Blue Guide closes an obvious loophole: if a product could be deeply changed after it was placed on the market without any new assessment, the original CE marking would cover a product that no longer exists in that form.

The substantial modification concept therefore extends the manufacturer obligations forward in time. A change that is significant enough to alter the safety or performance basis of the original assessment re-opens the question of conformity. The product is, in legal effect, placed on the market again, and the rules apply again to its new state.

This matters far beyond the original factory. Importers, distributors, repair shops, refurbishers, system integrators and even sophisticated end users can carry out modifications. Any of them can, by the depth of their work, become a manufacturer in the eyes of EU law.

The core test

The Blue Guide frames the test around two questions. A modification is substantial when it affects either of the following.

Compliance with the applicable essential requirements. Does the change touch a property that an essential requirement governs (electrical safety, EMC, radio behaviour, mechanical safety, exposure to fields, cybersecurity)? Does it reintroduce or worsen a risk that the original assessment had addressed?
The original performance, purpose or type. Does the change alter what the product does, what it is for, or what category it belongs to? A device that gains a new function, a new operating mode, or a different intended use is no longer the product that was assessed.

If the honest answer to either question is yes, the modification is substantial and the modified product is, in principle, a new product.

A useful way to read the test: the original conformity assessment was a snapshot of a specific design against specific requirements. A substantial modification is any change large enough that the snapshot no longer describes the product in front of you.

What is not a substantial modification

The concept is deliberately narrow. A great many ordinary activities keep a product within its original conformity and do not create a new product.

Activity	New product?	Reasoning
Repair to original condition	No	Restores the assessed specification, no change of performance or type
Replacement with an equivalent part	No	Like-for-like, the design basis is unchanged
Routine maintenance and cleaning	No	Keeps the product within its original scope
Reconditioning of a used unit	No (usually)	Restores function without changing the specification
Security patch or bug-fix firmware	No (usually)	Keeps the assessed behaviour, fixes a defect
Cosmetic change (colour, label)	No	Does not touch an essential requirement
Adding a new radio band or mode	Yes	Changes radio behaviour and type
Removing or defeating a safety function	Yes	Affects an essential safety requirement
Upgrading to a higher performance class	Yes	Changes the original performance
Changing the intended purpose	Yes	Changes the type and intended use

The principle behind the left column: the test is about the effect of the work on conformity and on performance, purpose or type, not about how much labour it took. A complex repair that returns the product to its original specification is still a repair. A trivial firmware flag that enables a new transmit mode can be a substantial modification.

Repair, maintenance and equivalent replacement

The clearest safe zone is repair and maintenance that restore the product to the condition in which it was placed on the market. Replacing a failed power supply with an identical or equivalent one, swapping a cracked enclosure for the same part, or re-flashing the original firmware version are maintenance acts. They do not engage the substantial modification concept because they do not change performance, purpose or type, and they do not reintroduce a risk. The detailed rules on swapping parts are covered in component substitution rules.

The risk appears when "equivalent" is interpreted loosely. A replacement component with a higher power rating, a different switching frequency, a wider operating temperature, or a different radio front-end is not equivalent for the purposes of this test. It may change EMC behaviour, thermal margins or radio emissions, and so it may cross into modification territory.

Refurbished and reconditioned products

The second-hand and refurbished market sits exactly on this boundary, and the depth of the work decides the outcome.

Reconditioning that cleans, tests and replaces worn parts with equivalents, restoring the product to its original specification, normally keeps it within the original conformity. The product is the same product, restored.
Re-manufacturing or upgrading that rebuilds the product to a different specification, improves its performance, changes its function, or combines parts from different units into a new configuration can make it a new product. The party doing the work then takes on manufacturer obligations.

The distinction is becoming commercially important as circular-economy rules expand and as the resale of electronics grows. A refurbisher who merely restores units operates safely; a refurbisher who upgrades and re-specifies them needs to treat the result as a new product, with a fresh technical file and declaration of conformity. The same logic underlies the obligations of any economic operator who handles the product along the chain, as set out in authorised representative and importer obligations.

Software and firmware updates

Modern products are inseparable from their software, and EU law has caught up with this reality. The Blue Guide treats software that affects the product's compliance as part of the product. Recent regulations go further and make the software dimension explicit.

The decisive question for an update is the same core test, applied to code: does the update change a property governed by an essential requirement, or change the performance, purpose or type?

Update type	Typical outcome	Why
Security patch within assessed scope	Not substantial	Keeps assessed behaviour, closes a defect
Bug fix that restores intended function	Not substantial	Returns the product to its specification
Performance tuning within original limits	Not substantial (usually)	Stays within the assessed envelope
New feature that adds a radio mode	Substantial	Changes radio behaviour and type
Update that changes a safety interlock	Substantial	Affects an essential safety requirement
Update that weakens a cybersecurity property	Substantial	Affects an essential requirement (RED 3.3)
Update that changes intended use	Substantial	Changes the type and purpose

RED article 3.3 cybersecurity

For radio equipment, Directive 2014/53/EU article 3.3(d), (e) and (f) makes data protection, fraud prevention and network protection essential requirements. Because these requirements live partly in software, an update that materially changes a cybersecurity property of the product touches an essential requirement. A patch that strengthens or maintains the assessed security posture is maintenance. A change that weakens it, or that introduces a new attack surface (a new exposed service, a new remote interface), can be a substantial modification that re-opens the conformity assessment. The interaction between security updates and conformity is one of the most active areas of EU product law.

Machinery Regulation 2023/1230

Regulation 2023/1230 on machinery, which replaces the old Machinery Directive, addresses software and digital systems directly, including software that performs a safety function and the handling of safety-relevant updates. A software change that alters a safety function of a machine is, by design, a change that affects an essential health and safety requirement, and therefore a candidate for substantial modification.

Medical devices

Under Regulation 2017/745 (MDR), software is regulated tightly and changes are tracked through the manufacturer's quality system and change-control procedures. A significant change to the design or intended purpose of a device, including its software, requires the involvement of the Notified Body for the affected scope. The MDR framework is stricter and more formalised than the general Blue Guide concept, but it rests on the same logic: a significant change re-engages conformity.

Consequences when a modification is substantial

Once a change is judged substantial, the modified product is treated as new, and the full machinery of placing on the market applies again to its new state.

New conformity assessment. The applicable route runs again for the affected requirements. If the original route was module A self-declaration and self-declaration is still possible, the modifier repeats it for the new state. If the directive or the change demands a Notified Body, the Notified Body is involved again for the affected scope.
New technical documentation. The technical file must reflect the modified product: updated risk analysis, test reports covering the change, and a clear description of what changed and why it is conform.
New declaration of conformity. A fresh DoC is drawn up for the modified product, signed by the party who took on the manufacturer role.
CE marking. Where the assessment leads to it, the modified product carries the CE marking, with a Notified Body number if a Notified Body was involved.
Economic-operator obligations. Registration, traceability, post-market monitoring and cooperation with authorities apply to the modified product and its new responsible party.

The party who carried out the substantial modification, and who then makes the product available, is the one who takes on these obligations. The original manufacturer is not automatically responsible for a modification it did not perform and did not authorise.

Who becomes the manufacturer

Who modifies	Likely status after a substantial modification
Original manufacturer	Manufacturer of the new product variant
Importer or distributor	Becomes a manufacturer for the modified product
Refurbisher or re-manufacturer	Becomes a manufacturer when the work changes the product
System integrator	Manufacturer of the combined product, if the combination is a new product
End user who modifies then resells	Becomes a manufacturer on placing the modified product on the market

This is why the concept matters to so many parties: anyone who changes a product significantly and then puts it back on the market can inherit manufacturer liability. The interplay with surveillance authorities, and what happens when a modified product is found non-conform, is covered in market surveillance and Safety Gate and underpinned by Regulation 2019/1020.

A decision path

Walk these questions in order for any planned change.

Question 1: Does the change affect an essential requirement?

Does it touch electrical safety, EMC, radio behaviour, mechanical safety, field exposure or cybersecurity? If it plainly does not (a cosmetic label, a documentation correction), the change is not substantial. If it might, continue.

Question 2: Does it change performance, purpose or type?

Does the product now do something new, serve a new purpose, or belong to a different category? If yes, the modification is substantial. If no, continue.

Question 3: Is it a repair, maintenance or equivalent replacement?

If the work restores the product to its original specification with equivalent parts, it is maintenance and stays outside the concept. If "equivalent" is generous, re-check question 1.

Question 4: For software, does the update keep the assessed behaviour?

A patch or bug fix that keeps the product within its assessed scope is maintenance. An update that adds a function, changes a safety behaviour, or weakens a security property is a candidate for substantial modification.

Question 5: If substantial, what assessment route applies?

Re-run the conformity assessment for the affected requirements. Decide whether a Notified Body is required, draw up a new technical file and a new declaration of conformity, and apply the CE marking to the modified product.

A modification can be partial: only the affected requirements need re-assessment, not necessarily the whole product. If a firmware update changes only a radio mode, the radio scope is re-assessed while untouched safety scopes can rely on the existing evidence, provided the change does not disturb them.

The US contrast: FCC permissive changes

The United States handles changes to already-authorised equipment through a graded permissive change scheme, which is more granular than the EU binary test. For equipment authorised under an FCC ID, the FCC distinguishes classes of change.

FCC change class	Meaning	Filing
Class I	No degradation of previously reported characteristics	No filing required
Class II	Changes affecting the RF characteristics within the same FCC ID	Filing with updated test data, same FCC ID
Class III	Software changes to a software-defined radio	Filing under the SDR rules

The detail of this scheme, and the line between a permissive change and a new FCC ID, is covered in change management under FCC Class II permissive changes.

The structural difference is clear. The FCC offers a tiered path that lets many changes stay under the original authorisation with a graded filing burden. The EU offers no tiers: a change is either substantial, in which case the modified product is treated as new and the full route runs again, or it is not, in which case nothing changes. Engineers moving between the two systems should not assume an FCC Class II analogue exists in EU law. It does not. The EU question is binary, and the consequence of crossing the line is heavier, because there is no lightweight "permissive" lane to fall into.

A second difference is the identifier. The FCC issues a unique FCC ID that ties the authorisation to a specific configuration, so the agency can track which changes ride under which ID. The EU issues no centralised product identifier under the CE system, so the discipline of deciding whether a change is substantial falls entirely on the responsible economic operator, with market surveillance as the enforcement backstop. For the broader picture of routes and obligations, see the CE pillar.

Practical pitfalls

Assuming a firmware update is always safe. Many teams treat any software update as maintenance. An update that adds a radio mode or weakens a security property can be a substantial modification. Build a change-control gate that asks the core test before every release.
Treating "equivalent" too loosely on parts. A component swap to a different power class, switching frequency or radio front-end can change EMC, thermal or radio behaviour. See component substitution rules.
Refurbishing while upgrading. A refurbisher who improves performance or re-specifies a product becomes a manufacturer and needs a new technical file and declaration of conformity.
Forgetting who inherits liability. The party performing the substantial modification, not necessarily the original maker, takes on manufacturer obligations. Importers and distributors who modify products are particularly exposed.
Re-assessing everything when only a scope changed. A substantial modification reopens the affected requirements, not always the whole product. Scope the re-assessment to the change while documenting why the untouched scopes are undisturbed.
No traceability for the modified state. A modified product needs its own technical file, its own declaration of conformity and its own marking. A modification slipped into a product without documentation is a market-surveillance failure waiting to happen.

A worked example

Case: a connected industrial sensor, originally self-declared

A Wi-Fi sensor was placed on the market under EMC, RED and RoHS, self-declared under module A with full presumption of conformity from harmonised standards.

Scenario A, security patch. A firmware update closes a vulnerability and keeps every assessed behaviour. Not substantial. Document the patch in the technical file; no new assessment.
Scenario B, new radio band. A firmware update enables a sub-GHz transmit mode the original assessment never covered. The radio behaviour and type change. Substantial: re-assess the radio scope, update the technical file, issue a new declaration of conformity, re-affix the CE marking. A Notified Body is needed only if the new radio scope cannot be self-declared.
Scenario C, refurbisher upgrade. A third party rebuilds returned units with a higher-power radio module and resells them. The refurbisher has changed performance and type and becomes the manufacturer of a new product, with a full new conformity assessment and declaration of conformity.

Across all three, the binary test is the same: did the change affect an essential requirement, or change performance, purpose or type? The answer decides whether the product is the same product or a new one.