Electronics System Standards Compliance: Certification, Testing & Verification
I can only answer this question from my point of view, so I am doing so to start the conversation, not because I expect this to be an exemplary response!
EDIT: there is a VERY good ESE answer here that I think would be of interest to anyone reading this.
Let me start by saying that I am based in the UK, and work for a small, young company (I hate the word startup) that produces products for sale worldwide.
When I first had to consider approvals and compliance for a product that I had designed I had no idea where to start. TL;DR - we partnered with UL, who advised us on the standards that they believed applied to our product, along with some practical advice. We had them test everything that they recommended and haven't had a problem since. However, our product is pretty simple. Now that I understand more about the legal enforcement and implications of the standards we tested to, I would likely go about this differently in the future (fewer tests, and do some of them internally).
Our product is an Arduino-compatible single board computer. We produced an initial run via Kickstarter and only worried about certification after the fact - in future I would do some preliminary testing in advance. At the time we ran the Kickstarter, we had raised the highest total ever in the UK (long since eclipsed by others). Through this, UL actually contacted us, basically saying "we're not a big corporate monster - we can work with small companies too" - so we decided to go with them as an established name.
Initial discussions covered lots of ground that was brand new to me:
- CE marking is something that you do as a company. It is up to you to work out what relevant standards apply to your product, test the product against them, and assuming that the product passes, you mark your product with the CE symbol (there are rules about how to do this) and keep a dossier of the test results in case anybody needs to question it in the future. UL can advise on this and do the testing on your behalf - and produce documents that go into your dossier - but they do not mark the product as CE compliant.
- As an unintentional radiator we didn't need an FCC ID for sale in the US - but we did need to comply with FCC radiated emissions standards.
- How you describe your product is important. If we had classed our product as a low voltage device we would have had to undergo surge testing - by classing it as a USB computer accessory, we didn't have to.
- Additionally, how you recommend and show your product being used is important. Our product encourages people to connect other devices (particularly crocodile clips) to the board. During testing, you have to place these in the most unfavourable position for that particular test (often spread as wide as possible in the case of radiation emission / immunity testing). By ensuring that we only show relatively short cables in any example on our website, we could test only with those cables - if we ever recommended or showed longer cables, it could be argued that we are encouraging that sort of use and should test with longer cables.
- In the UK, CE compliance is enforced by Trading Standards. They are quite busy trying to stop fake cigarettes, fake medicines, self-igniting phone chargers and exploding e-cigarettes from hitting the market. If you test and design your product well and the chance of it actually hurting anyone is very low, you're probably going to be fine. Anything that plugs in to a real computer USB socket is a good example of this - the computer should limit the output current, so even if you're slack there the worst thing you could likely achieve is to damage the USB port on the machine it is plugged into.
We ended up testing for radiated and conducted emissions, static discharge immunity, electric and magnetic field immunity. Immunity testing is an odd one. It basically says that your product has to recover to a managed "working" state after being exposed to the test conditions.
Firstly, our test engineer pointed out that measured electric and magnetic field strengths in your average large PC shop (e.g. PC World in the UK) far exceed the levels tested against in the standards we tested to. If you wanted to save time / money in the future, this is a test that you might do myself, using hired measurement equipment to ensure that you were within the specification of the test. Similarly, you can hire the test equipment for the static discharge immunity testing and easily conduct the test yourself for the cost of purchasing the relevant test standards document and building a simple rig.
Secondly, given that our equipment is not life-critical equipment, I don't see why we have to recover gracefully from an immunity test as part of designing a safe-to-sell product. I assume this is a legislative defence against REALLY terribly designed products that break easily in the hands of the consumer.
For future products, I would get an early prototype in for an initial exploratory radiated and conducted emissions test so that I could identify any potential issues and deal with them - waiting until you are close to release is a risk I wouldn't take. For immunity testing, I would likely wait until the end - unless you're talking about mains surge immunity, which I don't fancy doing any time soon! (but would look at early just in case you have a show stopper hiding in there).
As I say, this is just my experience - I would be really interested to hear from any compliance engineers out there (both inside electronics design companies and those working in test houses).
EDIT: I thought of some more things that came up during our compliance testing journey:
CE marking is about the overall safety and suitability for sale of a product. This includes lots of matters beside electromagnetic compatibility - material consideration, toxicity and huge amounts more. Again, having a knowledgable test house working for you really helps break down what is relevant and what is not
I haven't mentioned the RoHS and WEEE directives here (applicable in Europe) but those are pretty easy to self ensure through design and internal procedure design.
The answer to the question depends on where in the world you are located. Let us for discussion's sake assume Europe. The rest of the world seems to be accepting or even adapting to the European bureaucracy model, so it applies somewhat globally. It goes like this:
The European Union has invented a system where the responsibility to know about every possible standard and directive falls on the manufacturer, more specifically on the company that puts the product on the market.
There exists no government or EU funded authorities which will tell you or help you with knowing what directives or standards your product needs to conform to. The authorities in every country are only there to supervise the market: to find out who doesn't follow the directives and punish them accordingly. Most often this is done after the occurrence of a serious accident, caused by products not conforming to the relevant standards.
So it is up to the company who puts the product on the market to figure out which directives that apply to their product. Most notable directives for electronics are:
- The EMC directive. Applies universally to all electronics, except if the product contains radio. If so then use:
- The radio directive. Currently known as R&TTE - Radio and Telecommunications Terminal Equipment, soon to be known as RED, Radio Electronics Directive. Contains special EMC requirements and also in turn enforces compliance to:
- The low voltage directive. Applies to equipment using voltages from 50-1000VAC or 75-1500VDC (and also to radio equipment).
- The RoHS directive (restriction of the use of certain hazardous substances). Environment concerns.
The above are the major ones for electronics, but you may also need to confirm to other directives if the product is intended for machinery, med-tech, automotive, avionics, high voltage, explosive environments etc etc.
Also, there are non-compatible directives in other countries, most notably the US FCC, that require their own approvals for EMC, radio etc. If you are approved for Europe and US both, you can sell to most other countries too. Countries in South America and Oceania tend to accept either or both of the US and EU approvals (some times with reservations or exceptions). Asia is more complicated as they have national requirements pretty much in every single country. Exporting electronics world-wide is quite a bureaucratic nightmare.
To get back to the EU directives, every such directive comes with a vast list of harmonized, normative technical standards (hundreds or even thousands of standards) that may or may not apply to the specific product. Again, you will get no help from anyone to determine which standards that apply.
If you ask a test house (formally called notified body, they are appointed by the EU), they will happily suggest as many standards as possible, as that means more income for them. It is notable that not even the test houses actually know this, as it is no exact science. They are just better at making a qualified guess than the average person. They also see no moral concerns when it comes to work as consultant for you at first, and then as a "neutral" third party for tests later. Who needs morals when you get twice the pay! Hint: pay them money as consultants first and then the expensive test later on usually passes.
Once you have figured out/guessed which standards that apply, you will most likely have to pay big money for them. Most ISO/IEC standards are quite expensive, particularly if you want them translated to your native language. A few rare cases exist where standards are available free of charge, for example all the normative radio standards from ETSI.
In most cases, there is actually no requirement that you test if your products fulfil the standards. Simply writing a EC declaration of conformity and putting the CE mark on your product is sufficient for the frightening majority of products. There exist a few, very safety-critical products that actually must go through a conformance test by a 3rd party notified body before they are allowed to be put on market.
But in the general case, anyone can put any kind of crap on the market as long as they have a declaration of conformity. And then afterwards, when their non-conforming products have already killed people, the producer may end up in court and their products may get withdrawn from the market.
So for the lone engineer of the new fancy electronics device. If you want to sell your product legally in the European Union:
- Employ one technical bureaucrat who can determine exactly what directives and standards that apply and what you have to do to fulfil them. This is pretty much a full-time job for one person.
- Spend a lot of money on purchasing technical standards and have your employed bureaucrat study them. Or study them yourself, instead of working with actual electronics.
- If you are serious, literally spend a fortune on tests at a test house. We are talking of a sum equivalent to buying one or several brand new cars here.
As you may have noticed between the lines at this point: the system is designed to keep the lone engineer or the small, innovative company out of the market, in favour for the large corporations.
Or alternatively you could skip all of that, just sign a EC declaration of conformity and hope that your products work. But then if you end up in court, you are in some serious trouble. Courts are far more lenient if you can prove that you have put substantial effort into ensuring that your product is fine (by spending a fortune, as described above).
From someone actually having done some serious work on the certification business of a medical device. Others already wrote at great length so I'll just add some other points.
1st, you cannot know what you need to fulfill unless you have someone to advise you. I suspect you're trying to get some free advice here without paying consulting fees... For tightly regulated medical devices there are goverment agencies you can approach with various levels of success. For consumer goods you pretty much have to pay up to a consultant. Or perhaps hire someone with experience.
For most "innovative startup" (and honestly, all kind of products) type products the EMI regulations are the biggest headache. You cannot get around it, you have to fork out money to do testing in a proper test lab. However, for RnD purposes you do NOT have to commission for a formal test rig, you essentially hire the test chamber for x hours. Go there, they'll help you set up, run the emission test for a while, swallow your tears and go back to the lab to read the EMI tutorials you should've read before you started.
There are various IEC standards for various products but for most people these cover basics: IEC 60950 (IT devices), IEC 62368 (AV equipment), IEC 61010 (measurement, control and lab devices) as well as my favourite IEC 60601 medical device standard.
Another can of worms are the safety-oriented standards. Hint: You can save yourself a lot of pain by using an external certified DC power supply, 24V or less. This will take care of almost everything that can catch fire for you and greatly simplifies test process as a bonus. Having some background in medical devices I can tell you they really throw the book at you if you have a patient in the same building block and you're using your own AC/DC power supply.
Depending on where you do live you don't indeed have to do any formal safety-oriented testing. And if your device is relatively low power (not going to go on a record here what qualifies as a "low power") and uses an external PSU, you're pretty safe from being sued as well in most cases. NB I only have exposure in EU. Lawsuit happy Americans have to fend for themselves.
For regulated devices you have to have company quality management system in place, this has to be audited regularly and there has to be a robust paper trail showing the design and risk assessment process. I keep on being contacted regularly to do this kind of work but I'd rather chew my wrists open.
IEC standards are indeed pricey but there's no way around getting the relevant one. The bad thing is that they're usually fairly horrific read, vague and open to interpretation in many cases. There's also no way of avoid paying for the test lab but at least you can save significant amounts of money by doing RnD informal testing FIRST and when you're confident your nth respin of the product is finally compliant THEN fork out money for formal testing.
One point of note. I said EMI is the biggest headache but there are many other tests as well. If you don't protect your I/O, ESD and fast transient tests are going to make you cry.. Perhaps from the smoking wreck that used to be your prototype. That external PSU will take care of most power network oriented failures except that you may still get stung by the power interruption test if you foolishly tie reset circuit to unfiltered external DC (cough).