Requirements check

Smart home product

For example: smart plug, smart thermostat, video doorbell.

10 regulations applyEuropean Union:
CEWEEE
United States:
FCC ID
Third-party assessment may be required

As radio equipment, the EU RED (and UK Radio Equipment Regulations 2017) covers safety and EMC objectives, so LVD/EMC are not listed separately — this includes mains-voltage products like smart plugs. Products wired into fixed installations (in-wall switches) may additionally engage national wiring rules — verify. Devices with cameras or microphones raise GDPR/UK GDPR privacy obligations, and voice assistants with AI features may have EU AI Act transparency duties — both beyond this dataset, verify for your product. RED cybersecurity delegated regulation applies since 1 August 2025; CRA applies in full from 11 December 2027.

European Union7 instruments

Cyber Resilience Act(EU) 2024/2847counts toward CEphasing in

Horizontal cybersecurity requirements for 'products with digital elements' — connectable hardware and software. In force since 10 December 2024; vulnerability/incident reporting duties start 11 September 2026 and the main obligations (including CE marking against the CRA) apply from 11 December 2027.

Key obligations

  • 01Design, develop and produce the product in line with the essential cybersecurity requirements of Annex I, based on a documented cybersecurity risk assessment ('security by design').source
  • 02Handle vulnerabilities for the product's support period, which must reflect the time the product is expected to be in use — generally no less than five years — including providing security updates.source
  • 03From 11 September 2026: report actively exploited vulnerabilities and severe incidents — early warning within 24 hours of awareness, full notification within 72 hours, and a final report within 14 days (vulnerabilities) or one month (incidents) — via the CRA Single Reporting Platform to your CSIRT coordinator and ENISA.source
  • 04Carry out a conformity assessment, draw up technical documentation and an EU Declaration of Conformity, and affix the CE marking before placing the product on the market (from 11 December 2027).source

The EU's baseline safety law for consumer products, applicable since 13 December 2024. It replaces the General Product Safety Directive and adds duties around traceability, online selling, recalls and having a responsible economic operator in the EU.

Key obligations

  • 01Only place safe products on the market. Safety is assessed against the product's characteristics, packaging, instructions, the consumers who will use it, its appearance (food-imitating products) and, where relevant, cybersecurity features.source
  • 02A product may only be placed on the EU market if there is a responsible economic operator established in the EU — an EU manufacturer, importer, authorised representative or fulfilment service provider (Article 16).source
  • 03Carry out an internal risk analysis and draw up technical documentation; keep product identification and traceability information available (manufacturers, importers and distributors each have tiered duties).source
  • 04Report accidents caused by your products and notify dangerous products to the authorities through the Safety Business Gateway.source

The EU's enforcement framework for product rules. Its Article 4 is the practical blocker for online sellers: since 16 July 2021, most CE-marked goods can only be placed on the EU market if an economic operator established in the EU is responsible for compliance tasks — and that operator's contact details must accompany the product.

Key obligations

  • 01A product covered by the Article 4 list may only be placed on the EU market if there is an economic operator established in the Union responsible for the Article 4 tasks (applies since 16 July 2021).source
  • 02That operator can be: the manufacturer established in the EU; an importer (where the manufacturer is not established in the EU); an authorised representative with a written mandate; or an EU-established fulfilment service provider handling the products (Article 4(2)).source
  • 03The operator's tasks (Article 4(3)): verify that the EU Declaration of Conformity and technical documentation exist and keep the DoC available; provide information and documentation to authorities on request; inform authorities when a product presents a risk; cooperate on corrective action.source
  • 04The name, registered trade name or trade mark and contact details (including postal address) of the Article 4 operator must be indicated on the product or on its packaging, the parcel or an accompanying document (Article 4(4)).source
Radio Equipment Directive2014/53/EUcounts toward CE

The CE framework for anything that intentionally transmits or receives radio waves — Wi-Fi, Bluetooth, cellular, NFC and more. It bundles safety, EMC and spectrum requirements, and since 1 August 2025 adds mandatory cybersecurity requirements for internet-connected radio equipment under Delegated Regulation (EU) 2022/30.

Key obligations

  • 01Meet the essential requirements of Article 3: (1)(a) health and safety (incorporating the LVD safety objectives), (1)(b) electromagnetic compatibility, and (2) effective and efficient use of radio spectrum to avoid harmful interference.source
  • 02From 1 August 2025, meet the cybersecurity essential requirements of Article 3(3)(d) (network protection), (e) (personal data and privacy) and (f) (protection from fraud) activated by Delegated Regulation (EU) 2022/30 for the radio equipment categories it covers (internet-connected radio equipment; childcare, toy and wearable radio equipment for point (e); equipment handling virtual money for point (f)).source
  • 03Draw up technical documentation (Annex V), perform a conformity assessment (Article 17), issue the EU Declaration of Conformity, affix CE marking, and keep documentation for 10 years (Article 10).source
  • 04Include in the instructions the frequency band(s) the equipment operates in and the maximum radio-frequency power transmitted, plus any usage restrictions; supply the EU DoC or a simplified DoC with a link to the full version (Article 10).source
StandardsEN 300 328EN 301 489-1EN 301 489-17EN 18031-1EN 18031-2

The EU's chemicals regulation. For physical-product (article) sellers the practical duties are: communicating Candidate List substances of very high concern (SVHCs) above 0.1% down the supply chain and to consumers, notifying ECHA in some cases, and respecting the Annex XVII restrictions. Full chemical registration applies to substance manufacturers/importers, not typical article sellers.

Key obligations

  • 01Article 33(1): if an article contains a Candidate List SVHC above 0.1% weight by weight, provide recipients (businesses in the supply chain) with sufficient information for safe use — at minimum the name of that substance. This applies per article within a complex product.source
  • 02Article 33(2): on request from a consumer, provide the same safe-use information (at minimum the substance name) within 45 days, free of charge.source
  • 03Article 7(2): EU producers/importers of articles must notify ECHA when a Candidate List substance is present above 0.1% w/w AND its total quantity in those articles exceeds 1 tonne per producer/importer per year — no later than 6 months after the substance is added to the Candidate List. Notification is not required where exposure of humans and the environment can be excluded.source
  • 04Notify articles containing Candidate List SVHCs above 0.1% w/w to ECHA's SCIP database (a duty under the Waste Framework Directive, submitted via ECHA).sourceUnverified — check source

Restricts ten hazardous substances — including lead, mercury, cadmium and four phthalates — in electrical and electronic equipment. Compliance is self-assessed, documented through material declarations, and forms part of the CE marking.

Key obligations

  • 01Ensure homogeneous materials do not exceed the Annex II maximum concentrations: 0.1% by weight for lead, mercury, hexavalent chromium, PBB, PBDE, DEHP, BBP, DBP and DIBP; 0.01% for cadmium.source
  • 02The four phthalates (DEHP, BBP, DBP, DIBP) were added by Delegated Directive (EU) 2015/863 and apply to most EEE from 22 July 2019 (medical devices and monitoring/control instruments from 22 July 2021).source
  • 03Carry out the internal production control procedure in line with Module A of Decision 768/2008/EC, draw up technical documentation, and keep it (with the EU Declaration of Conformity) for 10 years (Article 7).source
  • 04Draw up an EU Declaration of Conformity and affix the CE marking to the finished product (Article 7).source
StandardsEN IEC 63000IEC 62321

Extended producer responsibility for electronics: producers must register in each EU country where they sell, finance the collection and recycling of e-waste, and mark products with the crossed-out wheeled bin symbol. It is a waste-law obligation, separate from CE marking.

Key obligations

  • 01Register as a producer in the national WEEE register of each Member State where you place EEE on the market before selling there (Article 16).source
  • 02Finance at least the collection, treatment, recovery and environmentally sound disposal of WEEE from private households (Article 12; Article 13 covers non-household WEEE) — in practice usually via a producer compliance scheme.source
  • 03Distance sellers: appoint an authorised representative in each Member State where you sell but are not established, to fulfil the producer obligations there (Article 17).source
  • 04Mark EEE with the crossed-out wheeled bin symbol shown in Annex IX (Article 14(4)), plus a mark identifying that it was placed on the market after 13 August 2005 (Article 15(2)).source
StandardsEN 50419

United States3 instruments

California Proposition 65 (Safe Drinking Water and Toxic Enforcement Act of 1986)Cal. Health & Safety Code §§ 25249.6–25249.12; Title 27, Cal. Code of Regulations, Article 6 (§§ 25600–25607.53, Clear and Reasonable Warnings)

California law requiring businesses to give a clear and reasonable warning before knowingly and intentionally exposing anyone in California to a chemical on the state's Proposition 65 list, and prohibiting knowing discharges of listed chemicals into drinking water sources. It is a warning law, not a ban — products containing listed chemicals may still be sold if properly warned.

Key obligations

  • 01Provide a clear and reasonable warning before knowingly and intentionally exposing anyone in California to a chemical listed under Proposition 65, unless the exposure is low enough to qualify for an exemption.source
  • 02Do not knowingly discharge listed chemicals into sources of drinking water in California.source
  • 03Track the chemical list: OEHHA maintains the list, which must be updated at least once a year and has grown to include over 800 chemicals (naturally occurring and synthetic) listed for cancer, birth defects or other reproductive harm since first publication in 1987. The current list is dated December 8, 2025.source
  • 04Once a chemical is newly listed, businesses have 12 months before the warning requirement takes effect for that chemical.source
Consumer Product Safety Act — General-Use (Non-Children's) Consumer ProductsConsumer Product Safety Act; 15 U.S.C. 2063 (certification), 15 U.S.C. 2064(b) (reporting); 16 CFR Part 1110 (certificates), 16 CFR Part 1115 (substantial product hazard reports)

General-use consumer products need a General Certificate of Conformity (GCC) only if a CPSC rule, ban or standard applies to them, and every business in the supply chain has an ongoing duty to report potential substantial product hazards to CPSC. There is no pre-market approval: CPSC does not approve products before sale.

Key obligations

  • 01Where a general-use product is subject to a consumer product safety rule (or a similar rule, ban, standard or regulation under any other CPSC-enforced statute), the domestic manufacturer or importer must certify compliance in a written General Certificate of Conformity (GCC), based on a test of each product or a reasonable testing program. The GCC and supporting information must be in English.source
  • 02Only the importer (for products made outside the US) or the domestic manufacturer (for US-made products) must certify (16 CFR 1110.7). The certificate must be available to CPSC as soon as an imported shipment is available for inspection, or before a domestic product enters commerce, and must accompany the shipment and be furnished to distributors and retailers.source
  • 03Section 15(b) duty to report (15 U.S.C. 2064(b)): every manufacturer, distributor and retailer who obtains information reasonably supporting the conclusion that a product fails to comply with an applicable rule or standard, contains a defect which could create a substantial product hazard, or creates an unreasonable risk of serious injury or death must immediately inform the Commission.source
  • 04"Immediately" means within 24 hours of obtaining reportable information (16 CFR 1115.14(e); CPSC: "A company must report to the Commission within 24 hours of obtaining reportable information"). A firm genuinely uncertain whether information is reportable may investigate, but the investigation should not exceed 10 working days unless a longer period is demonstrably reasonable. CPSC's advice is "when in doubt, report" — no injury needs to have occurred.source

Products that intentionally emit radio-frequency energy under FCC Part 15 (for example Wi-Fi, Bluetooth and other short-range wireless transmitters) must in almost all cases be certified before they can be marketed or imported into the United States. Certification is granted by private FCC-recognised Telecommunication Certification Bodies (TCBs) under the Commission's authority, based on testing at an FCC-recognised accredited laboratory.

Key obligations

  • 01Obtain certification before marketing: except as exempted in 47 CFR 15.201(a)/(c) and 15.23, all intentional radiators operating under Part 15 must be certified by a Telecommunication Certification Body under the procedures in 47 CFR Part 2 Subpart J prior to marketing.source
  • 02Test at an FCC-recognised accredited laboratory: equipment authorised under the certification procedure must be tested at a laboratory that is accredited to ISO/IEC 17025 and recognised by the Commission (47 CFR 2.948(a)).source
  • 03Apply through a TCB: all requests for equipment authorisation are submitted to a Telecommunication Certification Body, which files the application electronically with the FCC; the applicant must also designate an agent located in the United States for service of process (47 CFR 2.911(a), (d)(7)).source
  • 04Label the device with its FCC ID (preceded by the term "FCC ID") on a permanently affixed, readily visible label, plus any compliance statements required by the rules for the equipment class (47 CFR 2.925).source
StandardsANSI C63.10-2020ANSI C63.4-2014

Documents you will need

Deduplicated across everything above

  • Cybersecurity risk assessmentDocumented and kept up to date; feeds design decisions and the technical documentation.source
  • Technical documentation + EU Declaration of ConformityCovering Annex I essential requirements and the vulnerability handling processes.source
  • User information and instructionsIncluding the support period end date and how users receive security updates.source
  • Technical documentationBased on an internal risk analysis; must describe the product and its safety-relevant characteristics. No EU Declaration of Conformity is required under the GPSR itself.source
  • Traceability informationProduct identification (type/batch/serial) plus manufacturer and EU responsible operator contact details must accompany the product.source
  • Written mandate (when using an authorised representative)The authorised representative must hold a written mandate covering the Article 4 tasks.source
  • EU Declaration of Conformity + technical documentation availabilityThe EU operator must be able to verify these exist and produce them for authorities on request.source
  • EU Declaration of ConformityFull or simplified version (with internet link to the full DoC) must accompany the equipment; kept 10 years.source
  • Technical documentation (Annex V)Includes risk analysis, design/manufacturing details, test reports covering all applicable Article 3 requirements.source
  • Instructions with radio informationMust state frequency bands and maximum transmitted RF power, plus safety information and any usage restrictions.source
  • Supplier declarations / full material disclosuresEvidence that Candidate List SVHCs are below 0.1% w/w per article, or the basis of your Article 33 communications.source
  • Article 33 safe-use communicationsRecords of the information passed to recipients and provided to consumers within the 45-day deadline.source
  • Technical documentation per EN IEC 63000Material declarations, analytical test reports and supplier certificates organised per the harmonised documentation standard.source
  • National producer register entries and registration numbersMany Member States require the WEEE registration number on invoices/webshop; requirements vary nationally.source
  • User informationInstructions/packaging must inform users about separate collection and the crossed-out bin symbol.source
  • Treatment information for recyclersFree of charge, identifying components, materials and the location of dangerous substances (Article 15).source
  • Warning label / sign artworkNo certificate or government filing is required; compliance is demonstrated by the warning itself (label, shelf sign/tag, or website warning for internet sales) meeting the content and transmission methods of 27 CCR Article 6.source
  • Written notice to retail sellersThe regulations allocate responsibility along the supply chain: manufacturers/suppliers can discharge their duty by providing a warning or a written notice to the retail seller under 27 CCR 25600.2(b) and (c); for internet purchases before January 1, 2028, a retailer is not responsible for posting an updated short-form warning online until 60 calendar days after receiving an updated warning or written notice.source
  • General Certificate of Conformity (GCC)Must contain 7 elements (16 CFR 1110.11): product identification; citation to each rule certified to; identity (name, full mailing address, phone) of the certifying manufacturer or importer; contact for the custodian of test records; date and place of manufacture; date(s) and place(s) of testing; identification of any third-party laboratory relied on. Hard copy or electronic form is acceptable; electronic certificates need a unique identifier and accessible URL.source
  • Records supporting certificationKeep test results/reasonable-testing-program records; CPSC suggests issuers maintain supporting test records for at least three years (note to 16 CFR 1110.11(d)). The certifying entity remains legally responsible for the accuracy and completeness of certificate information.source
  • Section 15(b) reportReport to CPSC within 24 hours of obtaining reportable information. If another responsible party has already adequately informed CPSC, a firm need not re-report, but documentation demonstrating that is recommended. 16 CFR Part 1115 sets out the substantial product hazard reporting framework.source
  • eFiled certificate data (imports, from 8 July 2026)Beginning July 8, 2026, importers of most regulated consumer products must electronically file (eFile) certificates of compliance with U.S. Customs and Border Protection via a Partner Government Agency Message Set.source
  • Certification application with test data and exhibitsSubmitted to a TCB with all information required by 47 CFR Part 2 Subpart J (test data signed by the person who performed or supervised the tests, signed certifications from the applicant, and product exhibits). The TCB files an electronic copy with the FCC and issues the grant through the FCC's electronic system.source
  • Grant of certification listing the FCC IDThe grant lists the validated FCC Identifier: the grantee code assigned by the FCC plus the equipment product code assigned by the grantee. No FCC ID may be used on marketed equipment unless validated by a grant of certification.source
  • User/instruction manualMust contain the 47 CFR 15.21 modification caution; where the product also contains a Class A or Class B digital device, the applicable 47 CFR 15.105 interference statement is required. The manual may be provided in non-paper form (e.g. online) if users can reasonably access it.source

Upcoming deadlines that affect this product

  • 2026-09-11Cyber Resilience Act: reporting obligations applyArticle 14 of Regulation (EU) 2024/2847 applies from 11 September 2026 (Article 71(2)): manufacturers must report actively exploited vulnerabilities and severe incidents affecting products with digital elements to ENISA and their CSIRT (early warning within 24 hours).source
  • 2027-12-11Cyber Resilience Act applies in fullRegulation (EU) 2024/2847 applies in full from 11 December 2027 (Article 71(2)): all products with digital elements placed on the EU market must meet the essential cybersecurity requirements, with CE marking and (from category) appropriate conformity assessment.source

Track this product to done

Save this result as a live checklist: every requirement, document and deadline above, with status tracking and a document vault. Free for one product.

Start tracking free