Connected products carry compliance obligations that go well beyond a single certification mark. Cybersecurity legislation, data protection and privacy requirements, radio and electromagnetic compliance, safety directives, and environmental standards all apply, often simultaneously, and they vary by market.
Getting this wrong late in a programme is expensive. Getting it wrong after launch can be worse. We believe compliance and security should be planned from the start of a product programme, not retrofitted once development is complete.
We have a long track record of managing compliance and risk in connected product development, helping clients ensure their products are robust, secure, and safe, while keeping them on schedule and on budget.
Why compliance needs to be planned, not patched
Retrofitting compliance and security after a product is largely built is one of the most expensive mistakes a connected product programme can make. A security architecture decision made in week one is straightforward. The same decision, revisited after development is complete, can mean re-architecting core components, repeating certification testing, and pushing back a launch date that was already committed to partners or customers.
Managing risk and compliance at every stage of development, from initial architecture through to production, consistently pays for itself. We offer a fast and flexible compliance service, including tailored performance assessment and independent supplier auditing, and we provide practical recommendations for improving products ahead of manufacture and high-volume deployment.
Protect your business and meet legal requirements
Independent validation
Knowing which standards and regulations apply to your product and confirming you meet them is the foundation of a credible compliance position. We assess the regulatory landscape relevant to your product and markets, test compliance against applicable standards, and conduct parametric measurements against power, radio, EMC, and Low Voltage Directive (LVD) requirements.
Assessment of applicable standards and regulations
Compliance testing against relevant standards
Parametric measurements (power, radio, EMC, LVD)
Check supplier claims and assess their testing
Supplier audit
When your product depends on third-party hardware or components, their compliance claims become your risk. We independently verify supplier claims, evaluate the testing methods they used to reach those claims, and provide comparative reviews to support supplier selection decisions.
Verification of supplier compliance claims
Evaluation of supplier testing methodology
Comparative supplier testing reviews
Supplier selection and assessment support
Standards compliance impact assessment
Hardware and software change impact assessment
Compliance is not a one-time event. A software update or a hardware revision can change your compliance position, sometimes without anyone realising until an audit or a customer complaint surfaces it. We assess the compliance impact of changes to your software, provide continuous risk assessment as your product evolves, and maintain currency with radio, Bluetooth, and Wi-Fi standards as they are updated.
Compliance impact assessment for software changes
Continuous risk assessment through the product lifecycle
Radio and low-power compliance
Bluetooth and Wi-Fi standards compliance
Ensure you meet regulatory requirements
Regulatory standards and certification
Global compliance for a connected product typically spans multiple, overlapping regulatory frameworks. We help you navigate the requirements that actually apply to your product and target markets, including:
CE marking, FCC, and global compliance: the core certification marks required for market access in the EU, US, and other major regions
Radio Equipment Directive (RED): EU requirements for radio-equipped devices, including cybersecurity provisions under EN18031
R&TTE Directive: legacy EU radio and telecommunications terminal equipment requirements, relevant for products still operating under transitional provisions
Low Voltage Directive (LVD) and Safety Directive: electrical safety requirements for devices operating within defined voltage ranges
EMC Directive: electromagnetic compatibility requirements to prevent interference with other equipment
Eco Directive: environmental design requirements for energy-related products
RoHS and REACH: restrictions on hazardous substances and chemical safety requirements for materials and components
Why Consult Red for compliance and risk?
Compliance advice that does not understand how the product was actually built tends to arrive too late or miss the point. Because we also design and build connected products, our compliance and risk assessments are grounded in direct knowledge of how these architectures behave, not just in regulatory text.
We have supported compliance programmes across media, broadband, industrial, and consumer electronics sectors for over 20 years, with our solutions deployed in more than 100 million households worldwide.
That depth means we can usually tell you, early, where a specific architectural choice is likely to create compliance friction later, rather than discovering it during certification testing.
We start by understanding your product, your target markets, and your current compliance position, often informed by the self-assessment above.
There is no charge for an initial conversation.
Scoped engagement
Depending on your needs, this might be a focused supplier audit, a compliance impact assessment ahead of a software release, or a comprehensive review spanning multiple regulatory frameworks ahead of a market launch.
We agree on clear scope and timelines before work begins.
Outcome
You receive a clear compliance position: what applies to your product, where you currently stand, what needs to change, and a practical plan for closing any gaps before they become costly.
We are experts in intelligent product design and development
Hardware
Video and embedded vision, connectivity (wired, wireless, GSM, LPWA), power management and low-power devices.
Embedded software
Constrained devices, bare-metal through to embedded Linux, RTOS and embedded Android, security implementation.
Cloud platforms
Architecture, data and video streaming, serverless and microservices, AWS, Azure and Google Cloud, AI and machine learning.
Frequently asked questions
When should compliance planning start in a product development programme?
Ideally, at the very start, alongside initial architecture decisions.
Compliance and security requirements influence fundamental choices: component selection, connectivity architecture, data handling, and software design.
Identifying these requirements early means they shape the design rather than forcing changes to it later.
We regularly see programmes where a compliance issue caught during architecture review costs a conversation, while the same issue caught during certification testing costs a redesign.
What is the EU Cyber Resilience Act and does it apply to my product?
The EU Cyber Resilience Act (CRA) introduces cybersecurity requirements for products with digital elements sold into the EU market, with enforcement beginning 11 December 2027.
It applies broadly to hardware and software products with network connectivity or data-processing capabilities. Whether and how it applies to your specific product depends on its classification under the regulation.
What does a supplier compliance audit actually check?
A supplier compliance audit verifies that a third-party component or product genuinely meets the compliance claims made about it, rather than taking those claims at face value.
This includes checking the testing methodology used to reach stated conclusions, reviewing test reports and certificates against the standards they claim to satisfy, and, where needed, conducting independent verification testing.
This matters because if a third-party component fails to meet its claimed compliance position, that risk transfers directly to your product.
How long does a compliance assessment take?
This depends heavily on scope.
A focused supplier audit or change-impact assessment can often be completed within a few weeks. A comprehensive compliance review covering multiple regulatory frameworks ahead of a market launch, particularly one involving physical testing such as EMC or radio compliance, typically takes longer and should be planned well in advance of your intended launch date.
We provide a realistic timeline once we understand your specific scope.
What happens if a software update affects our product's compliance status?
This is more common than many product teams expect.
A firmware or software update can change radio behaviour, power characteristics, or security posture in ways that affect your existing certification.
We assess the compliance impact of proposed changes before they ship, so you know whether a change requires re-certification, additional testing, or no action at all.
Building this assessment into your release process helps you avoid discovering a compliance gap after a problematic update is already in the field.
Do you provide physical compliance testing, or only assessment and advisory services?
Our service includes parametric measurement and testing capability across power, radio, EMC, and low-voltage directive (LVD) requirements, alongside assessment and advisory services.
Where testing requires specialist accredited facilities beyond our own capability, we work with trusted partner test houses and manage that process on your behalf, so you have a single point of contact throughout.
Don't let compliance become a launch risk
The earlier compliance and security are built into your product programme, the less they cost, in time, budget, and risk. Talk to our team about your specific requirements.