Skip to content

RED certification, step-by-step procedure

RED · Pillar

The RED certification procedure differs noticeably from other CE directives. RED offers more assessment modules and more frequently requires Notified Body involvement, notably when article 3.2 harmonised standards are not fully applied. This page details the available modules, selection criteria, and the practical sequence of a radio product project in 2026.

Annexes II to IV of the RED directive define three conformity routes, to be chosen based on harmonised standards applicability:

ModuleAnnexTypical applicationThird party required
AIIHarmonised standards fully appliedNo
B + CIII3.2 or 3.3 standard not applied or partially applied: EU type examinationNB (examination)
HIVComplete audited quality systemNB (ISO 9001-like audit)

Contrary to a widespread belief, RED has no "module A1 / supervised tests" variant: as soon as an article 3.2 or 3.3 harmonised standard is not applied in full, article 17 of the directive imposes the EU-type examination (B+C) or full quality assurance (H). For article 3.1 requirements alone, all three routes remain open even without harmonised standards.

Module A: Internal control (most frequent)

Section titled “Module A: Internal control (most frequent)”

Module A applies when all applicable RED harmonised standards (articles 3.1(a), 3.1(b), 3.2, 3.3) are fully applied. The manufacturer:

  1. Performs the tests (in-house or accredited external lab)
  2. Assembles the technical file per Annex V
  3. Signs the EU Declaration of Conformity
  4. Affixes the CE marking

No Notified Body intervenes. For a 2.4 GHz Wi-Fi/BLE product applying EN 300 328, EN 301 489-17, EN 62311 and EN 62368-1, module A is the standard route.

Module B+C is mandatory (module H being the only alternative) when:

  • no article 3.2 harmonised standard is applicable, applied in full or at all, OR
  • cybersecurity article 3.3 is assessed without EN 18031, or one of the OJEU-citation restrictions on EN 18031 is triggered (no-password option, parental controls for toys and childcare equipment, secure updates for financial assets).

Typical case: a product using a proprietary modulation in the 868 MHz band not fully covered by EN 300 220. The NB examines the design for the uncovered aspects; test reports on the standards applied in full feed the same examination file.

Procedure:

  • Module B, the NB examines a representative sample, validates the design against essential requirements, and issues an EU-type examination certificate.
  • Module C, the manufacturer declares its production conforms to the certified type and applies the CE marking.

RED specificity: under module B+C, the 4-digit NB number is not affixed next to the CE marking; article 20 of the directive reserves that marking for the Annex IV full-quality-assurance route.

Module H applies to manufacturers with a complete quality system (ISO 9001 + RED-specific procedures) audited by an NB. Once certified, the manufacturer can:

  • self-declare each product without ad-hoc NB intervention;
  • benefit from relaxed quality system surveillance (annual audits).

Suited to high-volume manufacturers with many references, the initial investment (€30,000–80,000 for system certification) is amortised by reduced per-unit assessment costs.

Three criteria trigger NB obligation for RED:

  1. Modulation/band not covered by an article 3.2 harmonised standard (module B+C, or H).
  2. Cybersecurity 3.3 not covered by EN 18031, or an OJEU restriction on EN 18031 triggered (module B + C).
  3. Audited quality system for module H.

For a standard IoT product using Wi-Fi, BLE and/or cellular with standard modulations, an NB is generally not required, module A suffices.

The NANDO database lists NBs notified for directive 2014/53/EU, several dozen bodies across the EU. Among those regularly used for IoT electronic products:

NBNumberSpecialties
TÜV Rheinland LGA Products0197All radio types
TÜV SÜD Product Service0123All radio types, cellular
DEKRA Certification B.V.0344Cellular, Wi-Fi, BLE
LCIE Bureau Veritas0081All radio types
Telefication0560All radio types
cetecom advanced0680Cellular specialist, SDR
PHOENIX TESTLAB0700All radio types

Selection criteria:

  • Notified scope: verify the NB is notified for your product's specific tests (cybersecurity for example is not covered by all).
  • Lead times: 6 to 16 weeks depending on load.
  • Costs: an EU-type examination certificate (module B) typically costs €8,000 to €30,000 for a standard radio product, €30,000 to €80,000 when a cybersecurity 3.3 examination with security testing is included.
  • Industry reputation with operators and customers (useful in B2B).

Here is the chronology of a RED project in module A for an 868 MHz + BLE IoT sensor, mains-powered, with 3.3 cybersecurity:

  • Identify all applicable directives (RED + implicit EMC via 3.1(b), LVD, RoHS, REACH, ecodesign).
  • List the intentional transmitters present: 868 MHz (LoRa), BLE 2.4 GHz, NFC (if present).
  • Select the harmonised standards in force for each band and article.
  • Assess article 3.3 cybersecurity applicability and check whether an EN 18031 OJEU restriction is triggered.

Phase 2: Design and risk analysis (weeks 3-6)

Section titled “Phase 2: Design and risk analysis (weeks 3-6)”
  • Perform RED 3.1(a) safety risk analysis (RF exposure, SAR if concerned).
  • Document cybersecurity architecture (3.3).
  • Select critical components (certified radio modules, power supplies, batteries).
  • Prepare radio configurations (powers, modulations, antennas).
  • Conducted and radiated EMC pre-tests.
  • Radio 3.2 pre-tests (EIRP, spectral occupancy) in semi-anechoic chamber.
  • Internal EN 18031 assessment (architecture review, security tests).
  • Design fixes if needed.
  • EMC + radio tests in ISO 17025 accredited lab.
  • LVD safety tests per EN 62368-1.
  • Cybersecurity assessment by specialised body (can be in parallel).
  • Partial retests after fixes (if needed).
  • Compilation of Annex V (description, drawings, standards, tests, etc.).
  • SDR documentation if applicable.
  • DoC drafting and signature.
  • CE marking application.
  • Production of first marked units.
  • File archival (10 years after last unit).
  • Post-market surveillance: quality returns, cybersecurity vulnerabilities, modifications.

Total schedule for a typical RED IoT product: 4 to 6 months from the start of the certification phase. For a cellular product with NB, add 2 to 4 months for the EU type examination.

RED marking rules are the same as for other CE directives, with one specificity that surprises even experienced teams:

  • If module A or B+C: CE marking alone, height ≥ 5 mm. Under RED, the EU-type examination does not add the NB number to the marking.
  • If module H (Annex IV full quality assurance): CE marking followed by the 4-digit number of the NB, same height as the CE marking (article 20 of the directive).

Example: CE 0123 for a product manufactured under a full quality assurance system audited by TÜV SÜD.

The marking must appear on the product, its packaging, and instructions. For very compact modules (probes, bare microcontrollers), a height derogation is admitted if legibility remains assured. Marking on packaging and instructions remains mandatory.

For a product integrating multiple radios (Wi-Fi + BLE + LTE), each radio is assessed per its article 3.2 standard, but EMC article 3.1(b) tests must be done in combined mode, all radios active simultaneously, to identify intermodulations.

A Wi-Fi access point that can also operate in client mode must be tested in all modes. The DoC may cover modes or separate DoCs may be produced.

Software-defined equipment requires specific documentation in the technical file:

  • List of authorised hardware-firmware combinations
  • Description of protection mechanisms against unauthorised configurations
  • Signed and traced software update procedure

A firmware modification affecting radio parameters requires a new 3.2 assessment and DoC update.

Products integrating an eSIM (embedded SIM remotely reprogrammable) are assessed as cellular products. The eSIM itself is not separately CE-marked; installed operator profiles do not affect the CE status.

RED reassessment rules are strict:

ModificationReassessment required?
CosmeticNo
Software without radio impactNo
Equivalent component changeDepends on EMC impact
Antenna changeYes (3.2 + 3.1(b))
Transmit power changeYes (3.2)
Band additionYes (3.2 new band)
Modulation changeYes (3.2)
Firmware update affecting radioYes (3.2)
Cybersecurity redesignYes (3.3)

The modification history must appear in the technical file with an impact justification for each revision.

Sources & references

  1. Annexes II to V of Directive 2014/53/EU , EUR-Lex eur-lex.europa.eu/eli/dir/2014/53/oj
  2. NANDO: RED Notified Bodies , European Commission single-market-economy.ec.europa.eu/single-market/goods/building-blocks/notified-bodies_en