Is this worked example based on a real product or client?

No. The "Aurora ENV-1" sensor described here is entirely fictional and used only to illustrate a method. No real client, design or test report is referenced, and the figures for timing and cost are illustrative ranges, not commitments. The point is to show how the obligations connect and in what order, so you can map the same sequence onto your own product.

Which RED essential requirements apply to a BLE plus sub-GHz sensor?

A radio sensor engages all of the Radio Equipment Directive essential requirements: Article 3.1(a) safety and health, Article 3.1(b) electromagnetic compatibility, Article 3.2 effective use of spectrum, and the Article 3.3(d) cyber security requirement now activated by the delegated regulation. Each requirement maps to one or more harmonised standards, for example EN 300 328 and EN 300 220 for spectrum and EN 18031 for cyber.

Does the example product use FCC SDoC or full certification?

Both, on different parts. The unintentional radiator behaviour of the digital electronics falls under FCC Part 15 Subpart B and is handled by the Supplier's Declaration of Conformity route. The intentional radiators, the BLE radio and the sub-GHz radio, fall under Part 15 Subpart C and require full certification through a Telecommunication Certification Body, which issues an FCC ID.

When does the Article 3.3 cyber requirement actually apply?

The delegated regulation (EU) 2022/30 brings RED Article 3.3(d), (e) and (f) into force for in-scope radio equipment, with mandatory application from 1 August 2025. EN 18031 is the harmonised standard family used to demonstrate conformity. A connected sensor placed on the European Union market from that date must address these requirements in its technical file.

Why run pre-compliance testing before the formal lab visit?

Pre-compliance testing on the bench or at a screened site finds emissions failures, spurious radio outputs and immunity weaknesses while they are still cheap to fix in firmware or layout. Discovering the same fault in the accredited laboratory means paying for chamber time twice and slipping the schedule. Pre-compliance does not replace the accredited test, but it greatly improves the odds of passing first time.

Can one FCC ID and one CE file cover both radios?

A single FCC grant can list multiple transmitters under one FCC ID if they are tested together as a composite device, and a single EU technical file and declaration of conformity cover the whole product. However each radio still needs its own spectrum measurements, and simultaneous transmission has to be assessed. The administrative wrappers are shared, the radio evidence is per transmitter.

What goes wrong most often in a dual RED and FCC project?

The recurring failures are: assuming a pre-approved module removes all finished-product testing, forgetting the Article 3.3 cyber file, mislabelling the FCC SDoC versus certification split, and missing the simultaneous-transmission and band-edge measurements when two radios share an enclosure. Each is avoidable with an early test plan and a clear directive mapping.

How long does the illustrative timeline run end to end?

In this hypothetical the design-to-market path runs roughly six to nine months, dominated by firmware stabilisation, pre-compliance iterations and laboratory scheduling rather than the formal test weeks themselves. Real timelines vary widely with product maturity, module reuse and laboratory queues; see the certification timeline guide for the drivers.

Worked example: an IoT sensor through RED and FCC

Author Hugues Orgitello Last updated 29 May 2026 ~9 min read

Guide, worked example

This is a fully hypothetical, illustrative walkthrough: no real client, no real product, no confidential data. To make the certification sequence concrete, we follow an invented battery-powered environmental sensor, the "Aurora ENV-1", from a blank specification to a product carrying both a CE mark and an FCC ID. The device combines a Bluetooth Low Energy radio for local configuration with a sub-GHz radio for long-range telemetry, runs on a coin cell, and reports temperature and humidity. Every number quoted for time or cost is an illustrative range, not a promise. The aim is to show how the European Union Radio Equipment Directive route and the United States FCC route run in parallel, which standards attach where, and the order in which the work actually has to happen.

The hypothetical product

The Aurora ENV-1 is a sealed, wall-mounted indoor sensor. Defining its characteristics early is what fixes the entire compliance scope, so the specification is the first deliverable, not the last.

Attribute	Value (illustrative)
Local radio	Bluetooth Low Energy, 2,4 GHz
Telemetry radio	Sub-GHz, 868 MHz (EU868) and 915 MHz (US915)
Power	Single non-rechargeable lithium coin cell
Enclosure	Sealed plastic, fixed internal antennas
Function	Temperature and humidity reporting
Target markets	European Union and United States, first release

Two design choices drive most of the work. First, two radios in one enclosure means simultaneous-transmission and intra-device interference have to be assessed, not just each radio in isolation. Second, picking pre-approved radio modules versus designing radios from chips changes how much spectrum testing repeats at the finished-product stage. For the example we assume two distinct pre-approved modules, which is the common small-team strategy. For the broader starting framework, see certification getting started.

Step 1: map the product to directives and rules

Before any standard is chosen, the product is mapped to the legal instruments that apply in each market. This mapping is the backbone of the whole project.

European Union

As radio equipment, the sensor falls squarely under 2014/53/EU, the Radio Equipment Directive (RED). RED is a self-contained instrument: it absorbs the safety objectives that would otherwise come from the Low Voltage Directive and the protection requirements of the EMC Directive, so for a radio product you do not separately invoke 2014/30/EU or the LVD. The four essential-requirement strands are:

RED article	Requirement	Typical harmonised standard
3.1(a)	Safety and health	EN 62368-1, RF exposure route
3.1(b)	Electromagnetic compatibility	EN 301 489 series
3.2	Effective use of spectrum	EN 300 328 (BLE), EN 300 220 (sub-GHz)
3.3(d)	Cyber security	EN 18031 family

The Article 3.3(d) strand is the newest. It is activated by 2022/30, the delegated regulation that made the cyber requirements mandatory from 1 August 2025, so a sensor placed on the market now must address it in the technical file. Conformity is declared in an EU declaration of conformity backed by a technical documentation file, and the article-by-article scoping lives in the RED checklist.

United States

In the United States the product splits across two FCC subparts. The digital electronics, the microcontroller and its clocks, are an unintentional radiator under Part 15 Subpart B. The two radios are intentional radiators under Part 15 Subpart C. This split is the single most important FCC fact to get right for this product, and it is covered in FCC ID, grantee and TCB equipment authorization.

FCC scope	Part	Authorisation route	Output
Digital electronics (unintentional)	15 Subpart B	Supplier's Declaration of Conformity	Internal SDoC record
BLE radio (intentional)	15 Subpart C, 15.247	TCB certification	FCC ID
Sub-GHz radio (intentional)	15 Subpart C, 15.247/15.249	TCB certification	FCC ID

The EMC philosophy differs between the two regions, which matters when planning shared tests; the contrast is set out in CE vs FCC EMC and the whole dual-market logic in EU and US dual certification.

Step 2: select the standards

With the mapping fixed, each strand resolves to specific test standards. Choosing the exact standard version and the exact operating clause is done with the laboratory, because it determines limits and report content.

Spectrum, BLE: EN 300 328 for the 2,4 GHz wideband band in the European Union, and 47 CFR Part 15.247 for the same band in the United States.
Spectrum, sub-GHz: EN 300 220 for the 863 to 870 MHz SRD band in the European Union, and 47 CFR Part 15.247 or 15.249 for 902 to 928 MHz in the United States.
EMC: the EN 301 489 series for the European Union, with the radio-specific parts layered on the general part.
Safety: IEC 62368-1 (as EN 62368-1) for the electronics, plus an RF exposure justification.
Cyber: the EN 18031 family for RED 3.3, aligned with the consumer baseline EN 303 645.

Because the sensor is a product with digital elements, the horizontal 2024/2847 Cyber Resilience Act also applies on its own timeline, layered on top of the RED 3.3 obligation; both lean on the same EN 303 645 provisions, detailed in EN 303 645 IoT cyber security and Cyber Resilience Act (CRA).

Step 3: pre-compliance

Pre-compliance is the cheapest insurance in the whole programme. It is informal testing run by the development team to catch failures before the accredited laboratory bills for chamber time.

For the Aurora ENV-1 the pre-compliance loop covers:

Radiated emissions sweeps on a bench with a near-field probe and a low-cost spectrum analyser to spot clock harmonics early.
A quick check of BLE and sub-GHz spurious emissions and band-edge behaviour against the limits in EN 300 328 and EN 300 220.
Simultaneous-transmission checks: turn both radios on together and confirm one does not desensitise or pull the other.
Basic immunity exposure, for example electrostatic discharge to the enclosure seams and ports.
A cyber gap review against EN 18031 and EN 303 645 provisions: no universal default password, a secure update path, minimised exposed interfaces.

Each failure found here is fixed in firmware or layout, then re-checked. Only when the bench results sit comfortably inside the limits does the product go to the accredited laboratory. The test plan that structures this is the same one used for the formal campaign, drawn from the certification test plan template.

Step 4: the laboratory test plan

The formal test campaign is run at an accredited laboratory and documented in a test plan that ties each test back to the directive mapping. A single plan covers both regions, with per-region columns where limits differ.

Test group	EU basis	US basis	Notes
BLE spectrum	EN 300 328	47 CFR 15.247	Power, bandwidth, band edge, duty
Sub-GHz spectrum	EN 300 220	47 CFR 15.247/15.249	Per band: EU868 and US915
Radiated and conducted emissions	EN 301 489, EN 55032	47 CFR 15 Subpart B	Unintentional radiator
Immunity	EN 301 489 series	Not required by FCC	EU only
RF exposure	RF exposure route	OET Bulletin 65	Low power exemption likely
Electrical safety	EN 62368-1	Not an FCC matter	Coin cell, low voltage
Cyber	EN 18031	Not an FCC matter	Documentation and assessment

Two finished-product points matter even with pre-approved modules. First, the host integration conditions in each module grant must be respected, or the module approvals do not carry over. Second, the composite device, both radios in their final enclosure with the final antennas, has to be measured for emissions and simultaneous operation regardless of module pedigree. A pre-approved module reduces repeated radio work; it does not remove finished-product testing.

Step 5: the EU technical file and declaration of conformity

On the European side, conformity is self-declared because harmonised standards are used in full and no notified body is mandatory for this class of radio product when those standards are applied. The work product is a technical file that an authority can demand at any point during the ten years after the last unit ships.

The file assembles:

Product description, photographs, block diagram and a list of variants.
The directive mapping and the list of standards applied, with versions.
The full set of accredited test reports (spectrum, EMC, exposure, safety).
The risk analysis, built with the methods in risk management with ISO 14971, IEC 31010, FMEA and FTA.
The cyber documentation for RED 3.3 and the CRA gap analysis.
The signed EU declaration of conformity, naming the manufacturer, the product, the directives and the standards.

Once the declaration is signed, the CE mark is applied and the product can be placed on the European Union market. The composition of the file is detailed in technical documentation file contents.

Step 6: the FCC ID through a TCB

On the United States side the two intentional radiators must be certified, and certification is granted by a Telecommunication Certification Body, a private accredited organisation authorised to issue FCC grants. The unintentional-radiator behaviour is handled separately by the manufacturer's own Supplier's Declaration of Conformity, which is kept on file rather than submitted.

The certification flow for the Aurora ENV-1:

Obtain an FCC Registration Number and a Grantee Code, which forms the prefix of the FCC ID.
Submit the accredited radio test reports, the operational description, internal and external photographs, and the label artwork to the TCB.
The TCB reviews and, if compliant, issues the grant of equipment authorisation and the FCC ID.
The grant is published in the FCC equipment authorisation database.

Because both radios sit in one enclosure, they can be filed as a composite device under one FCC ID, but each transmitter keeps its own measurement set and the simultaneous-transmission case is assessed. The grantee, TCB and database mechanics are covered in FCC ID, grantee and TCB equipment authorization.

Step 7: labelling and marking

The finished product carries the marks and identifiers that prove each approval. For a small sealed enclosure, electronic labelling (e-labelling) may carry some of this where the rules allow, but the physical minimum still applies.

Mark or identifier	Market	Source
CE mark	European Union	RED conformity
FCC ID	United States	TCB grant
FCC compliance statement	United States	Part 15 SDoC and Subpart C
Crossed-out wheelie bin	European Union	WEEE
Battery and recycling marks	European Union	EU Battery Regulation

Environmental marking pulls in RoHS, WEEE, REACH SVHC and the EU Battery Regulation for the coin cell. The cell also drags in UN 38.3 transport testing before the product can ship, separate from any market approval.

Step 8: the illustrative timeline and budget

To make the sequence tangible, here is a hypothetical timeline. Treat every figure as an illustrative range; real projects vary with product maturity and laboratory queues, as explained in certification timeline and certification costs.

Phase	Illustrative duration	What dominates it
Specification and directive mapping	2 to 4 weeks	Decisions, not testing
Module selection and design	4 to 8 weeks	Hardware and firmware
Pre-compliance iterations	4 to 10 weeks	Firmware and layout fixes
Accredited testing (EU and US)	3 to 6 weeks	Laboratory scheduling
Technical file and DoC	2 to 3 weeks	Document assembly
FCC TCB review and grant	1 to 3 weeks	TCB queue

The lesson the timeline teaches is that the formal test weeks are rarely the bottleneck. Firmware stabilisation, pre-compliance rework and laboratory queues consume far more calendar time, which is why an early, accurate directive mapping pays back so heavily.

Common pitfalls

Pitfall	Consequence	Avoid by
Assuming a pre-approved module needs no finished-product testing	Failed composite emissions or exposure, blocked launch	Measuring the finished device and honouring module host conditions
Forgetting the RED Article 3.3 cyber file	Technical file incomplete, market access at risk	Building the EN 18031 evidence in from the design stage
Confusing FCC SDoC and certification scope	Wrong filing, rejected or non-compliant	Splitting unintentional (Subpart B) from intentional (Subpart C) clearly
Skipping simultaneous-transmission tests	Real-world desensitisation, surprise field failures	Testing both radios live together during pre-compliance
Missing band-edge and spurious measurements	Spectrum non-compliance in one region	Per-band test lines in a single shared test plan
Ignoring the coin cell for shipping	Held shipments, carrier rejection	UN 38.3 transport testing alongside market approvals
Treating CE and FCC as the same EMC evidence	Re-test or non-compliance in one market	Mapping the differing limits and immunity rules early

Sources and references

Sources & references

Directive 2014/53/EU (Radio Equipment Directive) , EUR-Lex eur-lex.europa.eu/eli/dir/2014/53/oj
Commission Delegated Regulation (EU) 2022/30 (RED Article 3.3 cyber security) , EUR-Lex eur-lex.europa.eu/eli/reg_del/2022/30/oj
ETSI EN 300 328, wideband transmission systems in the 2,4 GHz band , ETSI www.etsi.org/deliver/etsi_en/300300_300399/300328/
ETSI EN 300 220, short range devices in the 25 MHz to 1000 MHz range , ETSI www.etsi.org/deliver/etsi_en/300200_300299/30022002/
47 CFR Part 15, radio frequency devices (Subparts B and C) , FCC www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-15
47 CFR Part 15.247, operation within the bands 902-928 MHz, 2400-2483.5 MHz and 5725-5850 MHz , FCC www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-15/subpart-C/section-15.247
ETSI EN 18031, common security requirements for radio equipment , ETSI www.etsi.org/standards
Regulation (EU) 2024/2847 (Cyber Resilience Act) , EUR-Lex eur-lex.europa.eu/eli/reg/2024/2847/oj