 Well, welcome everybody. Thank you for joining the session. The title is IoT Device Regulation Compliance in Industrial Environments Complicated title, and I'm going to break it down a little bit for you from a personal experience So for four years, I've worked in two startups First one for two and a half years the second one for one and a half years later one closed unfortunately down Within this time I was involved in shipping three products one was the barcode scanner That is attached to a glove and another one is a logistics tracking solution where the glove application consists of two devices, and we also had two different SOPs sort of productions So we went through this process. I went first process three times and And obviously for for clarification we had we were a European based companies at the time and we had customers in Europe So the agenda for this is there's three columns. There's the norms. So Where does it come from? What effects which product and I'm going to a little bit into a detail or what? What comes from it? So what I have to be aware of as a To how how these norms function and what they are The third at second column is the project. So how is this going to affect me in the project along the line? Or should I know in advance? What's happening along the way and? Third column is the customer because the customer is always involved whether it's in industry So be to be or be to see product customers always there and it's interfering. So What's happening on there? By the way, if you have any questions in between just just raise your hand and I can answer it also So what regulations apply in Europe? We have what's called CE? I'm not gonna attempt the the French spelling here, but what that is it's actually an It's not what it actually stands for CE is not defined But the confirmation at the compliance in Europe with certain regulations is what is understand understood And what this defines is certain product categories in the European economic area So every product you're gonna sell in Europe is gonna have to comply with these regulations If you're in a company out of the outside of the European Union, and you want to sell inside of Europe you're gonna have to comply either way either your your your representative in Europe or Your importer like if you're gonna import products you want to have to make sure these devices comply with the CE One of those is electromagnetic compatibility short EMC What this makes sure is it? It shows that the device is not gonna destroy itself Due to electromagnetic interference, you're gonna probably see that during development But most importantly the EMC testing makes sure that it doesn't interfere with other devices from probably the same category or even other categories of devices So for example your phone Hopefully works if there's also a radio in the room, right? product safety Which of course involves for example that the device should not burn down something like that But also most commonly human safety so that no humans are harmed in the process. There's regulations for that LVD stands for low voltage devices. By the way, this is what I mostly worked on and then there's the radio equipment directive RED the shorthand is I think registered ID is 2014 53 EU. I think this is when When it was finished and it is in effect. I'm not sure when it was in effect 2017 2018, but it is in effect now The radio equipment directive attempts to regulate the use of radio spectrum all across Europe all across across all devices So if you have a radio device, you're probably gonna need to read the RED and accordingly the according standards So for example a Wi-Fi device will have to comply with these four norms the electrical safety the human safety electromagnetic compatibility and the radio standard for example Like and each of these regulations is maybe a hundred hundreds or maybe a couple thousands of pages Right and the thing is you're not gonna have to comply with all of these because these regulations are for certain categories And even they only only some of them will apply to your certain use case Right. So for example, you're not gonna have to comply with Devices or with regulations in the 5 gigahertz band when you have 2.4 gigahertz or sub gigahertz device another norm that's there is called IP it is Regulating the intrusion of liquids and solids into a case of a device This is to my best knowledge not covered by the CE but you probably want to want to have that because Either your devices are working in the outside or even the inside In the industry you sometimes have gashes or or dusty environments Or you have even an underwater sensor or something like that. So you want to make sure your device is actually safe of intrusion of liquids and solids These testings are usually done in pressure chambers. For example liquid tanks water water hoses and it's really that right The IP declaration the IP 5 4 or 6 7 what you see here is a number It's actually the first number defines the the solid the solid category So the the level of solid intrusion and the second number is defining the level of liquid intrusion And the higher the number the smaller the particle or the higher the pressure before water Goes into the device Another one is the IK where I think K stands for kinetic which explains its you're testing for impact onto the device There's ten categories IK 101 to IK 10 and Basically what it means is The higher the number the more energy you're gonna hit your device right so for example if you have a sensor In an environment where there's forklifts around and there's Serious consideration that these forklifts might drive into your sensors Then you probably want to have to test the IK regulation and and and think about okay How hard is this forklift maybe gonna hit my device and you want to test for it to make sure? To to to be able to explain to your customer. Yes, my device is not gonna break in your environment another one Rareer, but also there is x explosive Regulation so for example devices in your flammable material as I said in chemical industries for example you want to have to comply with that Why is that well your device is a possible a factor of risk in these environments and you have to make sure that it is not that the These these companies usually want to make sure that your devices able to sustain very high temperatures or maybe even an example for sensors is that Sensors have to be filled with some materials so that there's actually no air inside the casing so in case someone explodes around it It doesn't get it. It doesn't make it worse for example, there's a battery device and a lithium battery starts fire and this fire because it's such a high degree it's gonna Inflame much more worse things in the in the warehouse So what do you want to have to do there? With these norms well your obligation is to test for it and to develop for it Right, so you have to comply as a manufacturer as a developer with these norms There's no Institute or something that does that for you and then says yes, this guy is Compliant with it. You have to do it So it's your obligation to actually declare and label your devices accordingly like there's no institution that does it for you So you're gonna have to name the manufacturer the device name electrical information serial number Disposal and environmental information on the case readable It has to be readable. It's it's not it's it's not allowed for example to have a small barcode on there And all the information is encoded in there. No, it has to be a readable a readable label Funny thing is they've actually know it's it's not defined Which font you're gonna have to use or how the contrast of the colors have to be for of the of the label but there has to be one so basically the common sense applies and If you're if you're testing Bureau says yeah, okay It's this label is not enough. You have to do better or a regulation Okay Which brings me to another point if you build a product and you're gonna buy other things to To build it basically you want to when I get some components, for example, it starts with by these very simple things like A power outlet for example, right or just a case basically And if you buy that in outside of Europe And even inside of Europe you have to make sure you have to make sure that it is in compliance with CE You have to get the documents from the manufacturer of the devices you buy Before you buy your own before you sell your own product further in Europe that this leads To to a lot more tasks that you that that we for example didn't anticipate in the beginning Okay, you're gonna buy all these things, but you actually need these documents if you're gonna say you are CE Compliant you need these documents from your suppliers And obviously you need to retain all these documents If I'm not mistaken at least for ten years and after ten years the when the product goes off market to actually Because if there's an incident you have to answer for it and show that you actually did the testing Okay, let me let me add another point here Don't know we continue so the project obviously it affects the roadmap, right and See testing is it's not a simple thing and what we did for example, we had always two phases of Testing one was pre-testing pre-compliance so to speak and actual compliance testing The difference is that initially we did some very important tests tests that may fail especially tests that may involve changes in hardware especially in hardware or in software even in lower layers in the software in embedded devices and So we had these the first deadline basically and then there's a second deadline and the first testing is obviously very short and it costs less and the actual compliance testing with your tests that you didn't But you didn't have your full test protocol It's obviously gonna take much longer couple of weeks And it's much more expensive and probably needs more preparation Yeah, because late hardware changes are problematic Everyone knows that because we're talking about the devices here and we have basically a development cycle and these cycles can take Ideally a couple of weeks, but more likely multiple months if not a year So you better be aware that you have to Certify when use yourself do changes to there and and you have to do it into you should do it in two stages Because if you fail the compliance testing you have to do it all over again And still pay which brings me to the cost So these costs are not not very Very cheap especially as a startup. It's actually a considerable amount of money. You have to take Into your hands there. It's at least five digits 10 to 20,000 per device very simple devices to be fair Because each one of these tests which usually involves measurement equipment someone being there and actually a laboratory usually costs two to three thousand euro it varies obviously, but these are not Affordable tests So obviously you don't want to do it all over again During some of these tests your devices are actually destroyed Remember the IK test the kinetic tests of impact into your device these devices are gone You want to destroy them to see the limit of the case, right? It's not like you you hammer it and then are the devices fine But you want to want to know where's the limit to actually say okay this type of impact is going to destroy the device So you can exclude certain liability cases, right? And obviously you don't want to buy your own test equipment if you say I'm gonna do it all of my own if it's that complicated No, you don't because these some of these devices cost in the multiple hundreds of thousands of dollars And rarely especially as a startup you can afford that manpower So initially I in my first project we severely underestimated the manpower that is necessary for compliance testing especially preparation in the second product we did it a lot better and What we did was we have to write manuals for the test lab because these guys have to use your device, right? Very simple also, I mean it has to be understandable It's like you write a manual right and you want the guy to to be able to understand how this device is supposed to work So and just as that the guys in the labs what I have to do that Writing your test code and documentation is some of these tests will probably not be the same that you already have in your unit tests or end-of-line testing So you probably have to be you're gonna have to write a separate test code and separate documentation for that I Have one of my engineers we were five people in the in the second company one of my engineers worked At least two months solely on the preparation of the software and the manuals And this was a simple product Of course, you have to build and test produce the test hardware, right? So if you did don't have prototypes yet, you're gonna have to build them Either by hand or if you have an embedded device you're gonna have to have a small test batch Also in the test lab you probably want to be there to answer questions at least one of two one or two days because This just especially if your manuals are not that great, you're gonna have to send someone there and this is Yeah What one two days maybe a week? unlikely, but Just to answer some questions and introduce everyone to the to the tools and obviously the coordination because These labs are gonna have their own test routines. They're they're gonna they they have their yeah, their routines and You want to talk to them how they want to see the information coming out of the device? What do they want? What information do they need? What's what's common for them? And this brings me to the tech So maybe you need some accessible debug I also didn't think of in the first place Because you need some information out of your device Maybe you need to adapt your software architecture even because Your device is usually in low power and not used to continually output certain certain debug information You're gonna have to have mode switches physical mode switches For example job it made things very easy for us for example because with these physical mode switches connect to GPI I also on the hardware we were able to just switch operating modes of the radio for example And that made things much easier for us in testing And this basically is external control tooling The mode switches on the other hand or the other control tools are one thing the other one is the visualization In in testing you usually have your test routines and your test requirements and the acceptance criteria and These acceptance criteria are basically basically that visualizes red or green So what you have to do is actually project or implement all these acceptance criteria into your software Whether it is the external control tooling or your embedded software on its own because you're not gonna have that in your application outputting at what Power you're currently transmitting for example It's not there in the debug output initially Or your order the data at all like for example just all putting the the transmit receive data on some some debug console Yeah, what's just not there which brings me To the customer The customer This is actually very important and we didn't see that in the beginning. He may require additional compliance For example for internal frequency band regulation Which completely threw us off the table like like Off the feet. It's like, okay. We have this these Standards these requirements in the compliance standards, but here we have a customer actually has their own Regulation unit actually inside the company. It was a fairly large customer to be fair, but still So they didn't want to let us ship or roll out our product before we didn't comply with their own standards And they actually had their own testing offices on site Yeah, we were quite surprised by that Specific example was that He wanted us to only transmit on one channel It was a sub gigahertz in a sub gigahertz band. So what you usually do there is frequency hopping Because if you if you transmit a certain amount of data You want to switch the channels because one channel is heavily restricted in duty cycling So in actual transmit time there so you cannot send a lot of a lot of data on these channels usually So what that means is you have to change your module drive and driver implementation, right? And this is very low level stuff. You don't want to fill around there Especially not in the at the end of your development cycle when you don't want to change these types of things So about problem leads that to it means reduced to transmit time with one channel We can can only transmit so much so much data Because in the regulation it says you can only transmit point one percent of an hour or something like that Which leads to a redevelopment of the actual implementation and retesting of disease certification Or if you want to roll out also to our customers with this feature if not You can say okay, we developed this feature for you You do the testing and that's it but in general it means another testing cycle because before you can roll out To this customer and since it's slowly the changes is probably not gonna be a lot of fun and Yeah, in general not probably gonna Change your perspective on the roadmap a little bit The next example is integration For example, the question was can we have Wi-Fi system or API access? It's nothing unusual especially in IOT or in sensor data that you want to somehow process this data So this data has to be actually collected somewhere So why not use the infrastructure at the customer? He says yeah in six months Well in six months we probably bankrupt as a startup And we don't have time to wait for that because then we're gonna have another integration project or another another customer project too bad or What we heard the customer has another device on the shelf for testing and we said oh, yeah How did it go with that device? We said yeah, it's on the shelf for six months waiting for testing Well, we don't want to We also don't want to wait for six months. We want to test now So what this means is We didn't actually have to To be able to comply with certain standards or to comply with the actual Regulations or even the customer's own regulations You have to get there You have to know what the what the customer wants and what the customer's timeline is and this was actual kind of pioneering work at the time because The customers were not used to these short to these short development cycles and that we need it as a startup And especially in hardware. It's very difficult to have a lot of iterations because you have this very little money for a Very expensive hardware product and you don't you want to want to earn money with it as soon as possible And not wait a year until you get Wi-Fi access or half a year I mean they have they have their provisioning processes for example for for certificates or for Wi-Fi tokens API access Sometimes even one customer Said yeah, you want to you want to collect this data this data should go to the cloud Well, no this data doesn't leave the kind of the site But with IOT it says internet of things you want to somehow process this data somewhere You know don't want to get dependent on as one customer because this ends in just Tailoring your product completely to the customer right in a to one customer assuming you have multiple customers For example and a bigger market Can we use Bluetooth? 2.4 gigahertz Now it's frequencies overlap with Wi-Fi I obviously it was also not very fun because they also Regulated their own Wi-Fi bands They separated the Wi-Fi for for separate for different devices for different Areas across the across the manufacturing side and it was completely regulated just as the single band in a sub gigahertz It was to me. It was crazy So it was all there were all these standards and these things I could see that were in the open But once you talk to the customer that suddenly there's There's these multiple additional requirements. We have to fulfill that come on top of this whole compliance topic human factor The work council once blocked our product because they didn't want us to to track their employees What I want to say was this is If you want to want to build a product and you want to be compliant with certain standards, it's not only about Technical aspect, but it's all in this case. Let's say about human human rights This was an actual problem and they delayed the project for I think another one or two months The innovation department blocks your product because we were too innovative and that idea didn't come from them Actually happened worker blocks your product Because we have an industry product. We're usually talking to sales representatives to managers to team leads But who's actually using our product Maybe they didn't even see our product and they say no, it's it doesn't doesn't work It's annoying and he just doesn't use it, right because generally it's maybe it can be his choice to use it or not So what I want to say with this is to get everyone on board involved as many key roles as possible It's not enough to just talk to the sales representative, especially if it goes In the direction of regulation whether it be technical or as we saw about regulation within the company Do not rely on one person to know everything For the Wi-Fi guy for example, there's a separate department and until you know the name of the sky There may pass one or two weeks until you get actual information on why it complains about interference between Bluetooth and Wi-Fi for example That takes time Which brings me to my conclusion The technical aspects is only one of many There is the self declaration so you cannot rely on someone else to do the testing for you and then say you are compliant I mean, of course, you can externalize the the testing but still you have to declare you are see compliant The costs and time of product availability is heavily affected along on everywhere. So basically It's widening a bit the picture here to not only let's not only focus on see compliance, but actually It goes to the customer it widens the the view a bit to the product view the customers industry testing and The product designers most definitely affected by compliance for example if the X testing for example You cannot use an empty case if there's a battery inside you want to have to fill it Quality assurance is more important than ever especially as a startup. You will focus more on the important things that bring money but Compliance with regulations is exactly the opposite, right? You have to be very accurate with everything you have to test everything Because eventually you are liable Is what it means So this brings quality assurance to the table very early in in the product cycle Which basically means compliance testing is a separate project, right in the first setup as I said we didn't have all these points in mind, but and and Everything on the way they are surprised us the customer the regulations themselves The implementation into the software there It is an actual separate project in the second company. We managed to to plan for that in advance And we we were able to still Have a product within one year that is for you see you certified and Yeah, this is my conclusion. So thank you for your attention. Are there any questions? Yes I would have a question because I'm In a way a few steps behind you so in a startup trying to develop some products and I'm curious about this CE compliance. I know there are laboratories which can run all the tests for you, but this is in the range of five digits very expensive I Also found in some sources That this is a kind of testing that the manufacturer can do by himself. Is this the case? Can it be managed? What's your experience here? Well? if you want to test your Product on your own you will have to afford all the testing equipment. So you still will need to Get information about what regulations comply we for example got a lot of that information from testing bureaus from offices that helped us with that and Then it depends if you have a radio device, I don't think you can afford the test equipment Yeah, I have a radio device. It happens to be a blizzard low energy, but it's built around the certified module So I would assume this is propagated to the complete system because I'm not modifying anything there I'm just putting some extra software. Yeah, so if you we also had the case where We question also should we use a pre-certified module and what I heard at least what we decided to still test on our own because Apparently it is not enough to to buy a pre-certified module to be able to Declare it, especially if it's that had heavily integrated into the hardware. So if you buy for example, and A module that is sorted on to the hardware and you want to want to say your devices. So this Devices compliant You we still did all the radio testing with the lab even though we knew we are likely not gonna exceed the limits with Bluetooth I know of a different case with Bluetooth there. You can get a lot of the regulation ticked off by using Pre-certified modules and proper software stacks for example in Zephyr. For example, there is a There is a Bluetooth stack in there, and I think one of the chip vendors Was able to pre-certify their software stack for that. So and and in this case, I heard it worked So for for them compliance, especially also saying their product is a Bluetooth product got very affordable but Either way, you're gonna have to talk to the to the to the testing labs. At least that's what we did and Be able to afford to test equipment, which is in most cases in radio testing not that I don't want to go that path Another question would be When you develop a product you really start with the prototypes you try to a small batch of Visibility see how it's working collect learnings and feedback from the customer and then you go for the final product. I My assumption would be that for the feasibility for prototyping It's okay to go without any testing any compliance But of course you have to consider this for the final product Is this the case or there are also limits or Points where I should pay attention to that. Did I get that correct? So what you're what you're asking was the Whether for testing you already need to be fully compliant. Yeah Yeah, that depends on a customer as I said the with CE That never was a problem But especially with the in-house compliance or in-house regulations with the frequency bands that was a big problem In your case, that's so David They did not let us use our product in there before we were before we went through their testing but eventually it was such a big project that Yeah, it was a separate feature We decided only to ship to this customer and then we had enough money and time to to actually build that so that was an actual Side project, okay Did I answer your question? Sure. Thank you. Thank you So what happens if you're if you are not see compliance Can you talk about the liability side of things if you do take a product to market? Which is if you're something that you overlook or if you're not even see approved What what what happened? Do you know about the liability? What are what are the consequences? What what is the worst case? So the worst case I think is if If a site burns down and hundreds of people die And you didn't and you didn't test for it I mean this this testing is not only to be compliant with regulations that some people thought of because they thought it's Important but it's act and it's this testing is actually important, especially in the human safety part where there's actual Where there's actual situations or tests That show your device is not harmful for the environment, right? So the the And what happens if you're not see compliant? Well, that's not sure if someone can sue you I think it's still possible to sell the product but I'm not sure if some some institution from the EU is gonna call you or something I don't know about that, but I'm seeing it more from the from the personal responsibility perspective Where you actually want to make sure your product doesn't harm anyone and it doesn't I mean this is basically all that's for the the tests are very in my opinion very important, especially those regarding human safety and you want to want to do them regardless of of your opinion or whether whether or Your goal whether to be complete C compliant or not But still as far as I know and the regulation says is that all products have to be Compliant with these standards and sooner or later someone is probably gonna ask you did to do the testing Thank you Okay, when I lately Looked for the actual norms. I have to comply to or my product has to comply to there's a Large zoo of norms you can normally choose from e.g. For for the emcee part Well, you have to think about what is for product and maybe there are even multiple norms that fits that When I researched that I found companies that sell you a study you to Classify your products to to the norms. Do you have any experience with that? Did I get the question right is? Where to actually get all the information which product category I'm in and which norms apply to myself Yeah, that's the one part and the other part is Do you have any experience with external companies doing this? Research for you. Ah, yeah, basically the the answer is it was a mix On the one hand, we read the regulations ourselves. That was a lot of work and on the other hand we talked to Offices testing offices testing labs You're probably also gonna get different offers from different labs You're gonna what happens is usually with the first time you talk to them you explain to them What your product is and they are already gonna gonna say, okay? This is probably what you want to test or not. I mean still it's your obligation to tell them what to test But most of that information was We gathered was from these talks also to other sister companies for example or two or two two companies having similar Products and we just asked them which norms that you comply with and what what did you actually test and maybe where? So that this this was the the combination. I'm not aware of a very Specific this text that describes a list of the norms first for certain for certain products Yeah, that that sounds a lot like that what we do too. So yeah, it's good to know that reading and talking Yeah, definitely Thank you Another question Have you done any UL testing? as Sort of for the taking a product that's been see tested and then apply it to the US market With underwriters labs doing the similar There are Did I get the question right is what was the question it's a question What applies from see to the US markets or the FCC? Yeah taking an existing product that you already have see yeah, that's From a development and preparation point of view, it's Probably a lot of things overlap from the functionality. That's necessary in the hardware and software But from a testing perspective, I am not aware That there you can use The the actual test results. I think you There's even for FCC. For example, there's some countries that only allow testing in their country So I as far as I'm aware they do all the testing on themselves in an FCC okay, so It's I don't think there's a general answer for for that because Some some countries want to want to do it themselves and on some maybe they allow for the day They acknowledge your CE and then these and these tests are okay All from from I so I worked more I worked on the on the CE testing and what they What they always said is they they Encourage us to test everything. So and I would assume that Something I think applies to the FCC or if you have an FCC product and imported to the CE market I Think it can get very complicated in in arguing For example a technical difference arguing that your product is compliant with the other other norm Especially if it's not harmonized. I mean for example the the RAD The radio current directive is Attempts to harmonize the European market, but as far as I know, there's also not yet there so it's There for example parts missing for 5 gigahertz. So even there it this is harmonizing the European market has already a challenge currently and I Would not I would not say that that I The next step would be okay. It's probably not harmonized across the world Yeah, it gets more interesting when you have like Brazil and Japan and yeah Everyone has their own little Yes, yes, so so I briefly worked on a project in the railway industry And it's the same they went through certifications in every single of the countries. There's no not Nothing that you can really reuse Especially in the in the compliance declaration in these documents When you when you say okay, you are so you compliant you want to have this This report the test report that says that that has you all the test results And you don't want to go into your FCC test results or in your other standard test results to show okay This is why we are compliant in Europe. I don't I don't think this is a good strategy from a from a planning point of view either Any more questions? Please What was the industry if you have worked for projects in sub one gigahertz Frequency sub one gigahertz. Yes. Yeah. Yes. So the the glove project We were in the ISM band eight six eight megahertz And this is what the example was basically with the hopping where the customer wanted us to only use one one channel And this was in the ISM band in a sub gigahertz You develop the frequency hoping algorithm. No, we actually that was that was actually the the pain of wallet We bought pre certified or they declared it's certified in the C market and We had it led to a To a to a lot of collaboration between us and the radio manufacturer to actually get this feature done and yeah It was a lot of work That's why I may be maybe I'm biased because of that and saying okay There's a lot of work and there's a lot of unknowns especially with these customer specific regulations But I mean the the ISM band in itself is Is unlicensed so everyone one can use it so that's probably why they are very pretty prohibitive there too As in the 2.4 gigahertz example Thank you. Thank you Any more questions, but I thank you for joining a session and enjoy the conference. Thank you so much