Is My Specially Designed Equipment in the Scope of RoHS?

Posted on October 22, 2025 by Peter Jolles

We assist clients with their CE marking obligations daily at F2 Labs. This often means that we get into the weeds of the Directives to advise what they have to do and the stuff they do not have to do.

Clients understandably want to spend as little money and time on compliance as possible. We get it. This is not something fun to buy. Instead, it is a legal requirement that is between them and being able to ship their product to their customer in the EU… and get paid.

Our role is to tell you what we think is applicable, how much it will cost, and how much time it will take. Easy enough, right? It is easy if you involve someone knowledgeable about the requirements for placing a CE marking on products.

That is where we come in. There are many misconceptions about the applicability of the RoHS Directive 2011/65/EU to different kinds of products. In a nutshell, RoHS applies to anything with any electric or electronic function. This means if your product has any electric function then every individual piece of your build must individually comply with the Annex II substance level restrictions. For example – if your product is in scope, so are the screws and labels on it. Not just the board and electric motor or pump. It also means that all the little pieces on your board are in scope and so is each individual piece of every component.

The referenced Annex II substance restriction list was updated in 2015 with Commission Delegated Directive (EU) 2015/863 to add four phthalates. See below.

Perhaps you are reading this and wondering, “OK, what now?” Your responsibility, if your product is in scope of the RoHS Directive, is to ensure that no part of your build exceeds the restriction levels indicated in Annex II above.

To put a fine point on this, below is an example of the detail to which you must evaluate your build. I randomly pulled up a McMaster-Carr screw that is made up of stainless steel with some threadlocker applied to three of the threads. The part number is 95894A111 and an image from the product page is below, identifying the two components that make up this tiny screw: metal and black epoxy adhesive.

Both the metal and the epoxy have to individually comply with Annex II above. OK, now it is apparent why you want to investigate if you have do this, because in some cases you do not. And not doing it would be nice, right?

There are many exclusions to RoHS (see Article 2, 4 in the linked RoHS Directive above) but we will focus on Article 2, 4, (c):

equipment which is specifically designed, and is to be installed, as part of another type of equipment that is excluded or does not fall within the scope of this Directive, which can fulfil its function only if it is part of that equipment, and which can be replaced only by the same specifically designed equipment;

OK, great. You make something that goes on a big machine… you are excluded because large scale, stationary industrial machines are excluded from RoHS by Article 2, 4, (d), right? Maybe. It seems pretty clear… if you make a piece of equipment for someone else’s robot cell, and the robot cell is excluded from RoHS then you are excluded also, right? Again… Maybe.

The criteria for ‘specifically designed’ means that the equipment to be installed on the excluded machinery must be designed for that single model or that single installation (which is itself, custom). The best example that was given to me when I tried to understand this is an aftermarket light system on a vehicle. Let’s say you make offroad lighting for 4×4’s (vehicles are excluded from RoHS) and your lights can be installed on any 4×4 – you are not excluded. But if you make a set of lights for a Jeep Wrangler only? Excluded. If you make a light bar for a Ford Bronco, and it can only be installed on a Ford Bronco? Also excluded. This is loosely explained in the European Commission’s 2012 RoHS FAQ Guidance. That link is not working presently and has not worked for at least the past two days. (Secretly I am hoping it is about to be updated and replaced… it is 13 years old after all).

Luckily, I have a copy of this document so we can march on. Feel free to email me (pjolles@f2labs.com) and I will send a copy of it to you, no problem. Below is what we want from it now, Q3.3:

OK, not very clear, right? Me either, so I consulted with my old friend, Helmut Minor of Envenance. Helmut pointed me to the WEEE FAQ. Not to sidetrack this, but WEEE means the Waste Electrical and Electronic Equipment Directive 2012/19/EU and was written at the same time and by the same people as ROHS, and is complimentary legislation.

This means if you make some apparatus for a specific model of product, and that product is excluded, your apparatus is excluded from RoHS. If your apparatus can be used on different kinds of the same product then it is not excluded.

CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

Want to discuss your project with us?

You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

F2 Labs is here to help.

Posted in CE marking, Consulting, International Testing, Product Testing, Prop 65, REACH, RoHS Directive 2011/65/EU | Comments Off on Is My Specially Designed Equipment in the Scope of RoHS?

Why ISO/IEC 17025 Accreditation Matters for Electrical Safety & EMC Testing | F2 Labs

Posted on October 14, 2025 by Keith Cooper

Electrical safety and EMC testing might not sound thrilling at first (unless you dream in oscilloscopes), but these tests are what keep your devices safe, compliant, and reliable.

The only problem? Those test results only mean something if the lab doing them is ISO/IEC 17025-accredited.

Think of ISO 17025 as the international “truth detector” for testing labs — the standard that ensures every voltage, current, and decibel reported can be trusted.

What Exactly Is ISO/IEC 17025?

ISO/IEC 17025 is the global standard for testing and calibration laboratories. It defines the requirements for quality management, technical competence, and measurement traceability.

A lab earns ISO 17025 accreditation only after a rigorous technical audit—one that checks everything from staff training and test procedures to instrument calibration and recordkeeping.

It’s not a one-and-done certification; accredited labs must keep proving their competence through ongoing assessments and audits.

Why ISO 17025 Is Crucial for Electrical Safety Testing

Electrical safety testing verifies that products won’t shock users, start fires, or break down under normal use. It’s governed by standards like IEC 60601, IEC 61010, and IEC 62368—and ISO 17025 ensures those tests are done right.

1. Proven Technical Competence

Accredited labs employ engineers who are qualified and proficient in performing detailed electrical safety evaluations. ISO 17025 ensures every test method is validated and correctly executed.

2. Traceable, Accurate Measurements

Every piece of equipment—from hipot testers to thermocouples—must be calibrated to national or international standards. That means no guesswork, just verifiable accuracy.

3. Consistency You Can Count On

Testing under ISO 17025 means following the same documented, repeatable procedures every time. Whether you test today or six months from now, the results stay consistent.

4. Regulatory and Global Acceptance

Regulators, NRTLs, and certification bodies require or prefer data from ISO 17025-accredited labs. Using accredited results helps streamline approvals and minimize costly retests.

5. Builds Customer Trust

When clients see that a test report comes from an ISO 17025-accredited lab, it signals credibility, objectivity, and technical integrity. That trust translates directly into market confidence.

Why ISO 17025 Also Matters for EMC Testing

Now, let’s talk about your product’s other personality trait: its electromagnetic behavior.
EMC (Electromagnetic Compatibility) testing makes sure your device doesn’t misbehave when surrounded by other electronics—or cause trouble itself.

1. Accuracy in a World of Invisible Signals

EMC testing measures interference and emissions at microscopic signal levels. ISO 17025 ensures that antennas, amplifiers, and analyzers are precisely calibrated, so results reflect real electromagnetic behavior—not random noise.

2. Consistency Across Test Chambers

Without standardized setups, two labs could test the same device and get wildly different results. ISO 17025 accreditation guarantees method consistency and test repeatability, no matter where your product is tested.

3. Faster Approvals for Global Markets

For CE marking, FCC compliance, or international EMC certifications, regulators often require ISO 17025-accredited data. This helps speed up approvals and eliminates retesting across regions.

The F2 Labs Difference

At F2 Labs, our ISO/IEC 17025 accreditation covers both electrical safety and EMC testing services.
Our accredited status proves that every test, measurement, and report we deliver meets the highest international standards for accuracy and competence.

We help manufacturers navigate complex compliance challenges—from safety evaluations and EMC testing to environmental assessments—with a clear, reliable process and a team of experts who genuinely care about your success.

Final Sparks of Wisdom

At the end of the day, compliance isn’t just about meeting standards — it’s about protecting your customers, your reputation, and your bottom line. At F2 Labs, we make the path to certification simple, transparent, and fast. Whether you need EMC, electrical safety, or environmental testing, our team of experts works with you from concept to compliance.

Ready to get your product certified with confidence? Contact F2 Labs today and let’s make your innovation market-ready — safely, efficiently, and on time. F2 Labs is fiercely committed to serving manufacturers through the product compliance process.

Posted in CE marking | Tagged , , , , , , | Comments Off on Why ISO/IEC 17025 Accreditation Matters for Electrical Safety & EMC Testing | F2 Labs

We Offer CE Marking Training For Your Organization

Posted on October 5, 2025 by Peter Jolles

F2 Labs offers onsite, and occasionally remote, CE marking Training for your company.

Recently, I conducted our CE marking Training for a client of ours in the U.S. As I always do, I looked at everyone at the beginning and said, “You can make yourself very valuable to your organization if you pay attention today and tomorrow.” Usually, everyone pays attention, and I always make myself available, after the training, to discuss the topics with the engineers, quality managers, salespeople, and others interested in the topic.

One of the participants from this engagement contacted me a few days after I held training in his company’s conference room with some questions. I saved the email because (1) I was impressed with the questions and (2) I knew it could be a useful blog article for others working through these issues. Below is his email, and my responses are in bold.

Peter,

A couple more questions as I work on this regulatory plan for our product.

  1. This might be more of a clarification.  The following below directives are on your reference sheet, but I do not think they are required for CE mark per the guidance on the EC website (https://single-market-economy.ec.europa.eu/single-market/goods/new-legislative-framework_en)
  2. General Product Safety Regulation (EU)2023/988 – aka GPSR

PJ 20250918: This is not a CE marking Directive, but you must comply with it if you have an electronic device not in scope of the LVD, MD, or RED. Also, there is no marking for the GPSR, and it is not listed on the declaration of conformity, but it is required.

3. Waste Electrical and Electronic Equipment Directive 2012/19/EU – aka WEEE

PJ 20250918: WEEE is not a CE marking Directive, but it may be required. We do not provide support for this. Our suggestion is to contact Helmut Minor of Envenance – helmut.minor@envenance.com. He is an excellent resource and offers what you need – a WEEE Compliance Scheme.

The WEEE Marking is not the CE, WEEE uses a crossed-out wheelie bin.

    4. Registration, Evaluation, Authorisation, and Restriction of Chemicals Regulation (EC) No. 1907/2006 – aka REACH

    PJ 20250918: REACH is what the Waste Framework Directive and SCIP use for criteria. There is nothing for you to do under REACH.

    5. Waste Framework Directive 2008/98/EC – aka WFD and or SCIP

    PJ 20250918: WFD and SCIP require reporting to the SCIP database for substances classified as SVHCs (substances of very high concern) under REACH.

    SVHC list (revises at least twice per year, always adds substances: https://echa.europa.eu/candidate-list-table)

      SCIP database: Link

      To do it without me you need IUCLID6 and know how to use it: IUCLID6

      6. Batteries Regulation (EU) 2023/1542 (Link)

      PJ 20250918:  No harmonised standards yet, too new

      7. Question: Am I looking at the website wrong, are these needed for CE marking as well?  Or are they just on your sheet as additional European regulations?

        PJ 20250918: See below.

        • The following regulations are on the EU website I linked above, but not on your sheet, are they needed for CE marking?

        PJ 20250918: Neither of those are concerned with your equipment.

          CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

          Want to discuss your project with us? Our experts can quickly determine what applies to your product and give you a road map to start exporting to the EU. We also offer company-wide training that is a springboard for your staff to hone in on YOUR REQUIREMENTS, and this means no more wasted hours spent searching Google and wading through multiple websites that contradict each other.

          I started and presently conduct all F2 Labs CE marking Training classes offered by F2 Labs. My email address is pjolles@f2labs.com.

          You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

          Posted in Batteries, CE marking, Consulting, EMC Directive 2014/30/EU, EMC Testing, General Product Safety Regulation (EU) 2023/988, GPSR, GPSR (EU)2023/988, International Testing, Lasers, Low Voltage Directive 2014/35/EU, Machinery Directive 2006/42/EC, Machinery Regulation (EU)2023/1230, Pressure Equipment Directive 2014/68/EU, Product Testing, Radio Equipment Directive 2014/53/EU, REACH, RoHS Directive 2011/65/EU, UKCA | Comments Off on We Offer CE Marking Training For Your Organization

          So You Need to Field Evaluate Your Equipment – What You Need to Know

          Posted on September 25, 2025 by Keith Cooper

          If an Authority Having Jurisdiction (AHJ) or electrical inspector has ever informed you that you have failed your inspection or that you require a “UL or CSA Certification” or that your equipment must be “UL/CSA Certified” or “UL/CSA Labeled” we can help you. F2 Labs can provide the evaluation, testing, and label you need to turn the equipment on and turn it over to your customer – and move on to the next project. 

          When someone says, “UL or CSA Certification” or that your equipment be “UL/CSA Certified” or “UL/CSA Labeled”, that means your product must be evaluated to meet the government guidelines for installation and use of the equipment at that location.  In these instances, the AHJ or inspector is asking for you to have your equipment “Field Labeled” by an OSHA approved NRTL (National Recognized Testing Laboratory) and is not asking you to specifically have Underwriters Laboratories (UL) or CSA Group (CSA) perform the evaluation.  There are many different labs that can certify products to the UL and CSA standards.  You have the freedom to use a different laboratory in almost all cases.

          If you have a piece of equipment that is unlabeled and it is preventing you from starting production on your line or turning the equipment over to your customer at their site, F2 Labs can quickly quote and schedule our engineers to get you exactly what you need to get moving. We have three locations in the in the US from which to dispatch our experienced Safety Engineers to perform the UL Certification & CSA International Certification testing quickly. Additionally, we collect information from you and review it prior to our visit to reduce inefficient and costly second visits.

          CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

          Want to discuss your project with us?

          You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

          Posted in CE marking | Comments Off on So You Need to Field Evaluate Your Equipment – What You Need to Know

          Corrosion | Salt Fog Testing: Like taking your product to the beach

          Posted on August 26, 2025 by Keith Cooper

          Imagine this: your brand-new, bright, glistening product steps into a chamber. The door closes. Inside, it’s not the day at the spa it expected – instead – it’s a nightmare at the beach. That is Corrosion/Salt Fog Testing..


          This testing is basically the same as setting your product outside a seaside condo with no shade, no maintenance, and a hurricane every day… for weeks. Why is this done? To determine if your product can survive in the kind of humid, salty, nightmare that would make even a pelican move inland.

          Why We Do It? (Other than because it’s fun)


          Because some standards require it and the goal is simple: duplicate years of corrosive exposure in just a few days or weeks. Think of it as time travel, but instead of visiting the Bronze Age, your product is flung into the future, where rust is king.
          What do we check?
          • That metal components survive the testing without turning into lace.
          • That the coating stays on and intact and doesn’t peel off like last week’s sunburn.
          • That fasteners remain functional, not fuse together in a salty embrace.

          Typical standards that require this testing:


          • MIL-STD-810H Method 509.7 – Environmental Engineering Considerations for Defense Electronics
          • IEC 60068-2-11 – Environmental testing – Part 2-11: Tests – Test Ka: Salt mist
          • ISO 9227 – Corrosion tests in artificial atmospheres — Salt spray tests
          • UL 50E – Enclosures for Electrical Equipment, Environmental Considerations
          • NEMA 250 – Enclosures for Electrical Equipment (1000 Volts Maximum)

          The Test Setup


          A typical salt fog chamber resembles a mix between a fridge, a sauna, and a mad scientist’s fish tank. Inside, your product gets showered with a fine mist of saltwater, usually 5% sodium chloride. That’s the same stuff in ocean water — except here, it’s 24/7 and there’s no “low tide.”
          Engineers then check the product at intervals. If something is corroding, swelling, cracking, or just generally looking like it’s been rescued from the Titanic… congratulations, you’ve learned something valuable (and probably expensive).

          Lessons Learned


          Salt fog testing teaches us that:

          1. Nature is undefeated.
          2. A good protective coating is worth its weight in gold (or at least stainless steel).
          3. Just because it survived in the lab doesn’t mean it’ll survive on the Jersey Shore.

          Final Thoughts


          Salt fog testing is brutal, but it’s also a love letter to durability. By the end, your product will either emerge victorious — battle-scarred but proud — or it’ll be heading back to R&D for a serious armor upgrade.


          And hey, at least it got to “visit the beach,” right? Contact Us if you have a product that needs to lounge in the salty air!

          Posted in CE marking | Comments Off on Corrosion | Salt Fog Testing: Like taking your product to the beach

          Essential Performance: What It Is, Why It Matters, and When You Can Say “No Thanks”

          Posted on August 22, 2025 by Keith Cooper

          Let’s talk about Essential Performance—the term that sounds like it belongs in a motivational poster but is actually a cornerstone of medical device compliance. If you’ve ever stared at a test plan wondering, “Do I really need to define this?”—this one’s for you.

          What Is Essential Performance, Anyway?

          According to AAMI CR500, Essential Performance is:

          “Performance of a clinical function, other than related to BASIC SAFETY, where loss or degradation beyond the limits specified by the MANUFACTURER results in an unacceptable RISK.”

          Translation? If your device stops doing something it’s supposed to do—and that failure could hurt someone—it’s probably Essential Performance.

          It’s not about whether the device turns on or doesn’t electrocute anyone (that’s basic safety). It’s about whether it does its job in a way that keeps patients safe.

          How Do You Decide What It Is?

          Start with your Indications for Use. If your device is just along for the ride (think: adjunct therapy), you might not need to define Essential Performance. But if it’s delivering therapy or doing something critical—buckle up.

          Then, do a risk assessment (hello, ISO 14971). Ask yourself:

          •  What are the clinical functions?

          •  What happens if they fail?

          •  Would that be bad? Like, really bad?

          If the answer is yes, congrats—you’ve got Essential Performance.

          Pro tip: Don’t get lazy with vague language. “Monitor alarms” doesn’t cut it if your device doesn’t even have alarms. FDA reviewers are not fans of generic fluff.

          Common Pitfalls to Avoid

          Let’s be honest—this is where things get messy. Here are some classic missteps we’ve seen:

          •  Skipping the risk analysis: You can’t just say “no Essential Performance” without backing it up. That’s like skipping the fire drill and hoping for the best.

          •  Using generic criteria: “Device functions as intended” is not a testable metric. Be specific. Be measurable.

          •  Copy-pasting from other devices: Just because it worked for Device A doesn’t mean it applies to Device B. Context matters.

          •  Assuming therapy = safety: Delivering therapy doesn’t automatically mean you’ve covered Essential Performance. You still need to define it.

          •  Ignoring the IFU: Your Indications for Use are the blueprint. If they say “delivers therapy,” you’re on the hook.

          When You Can Say “No Essential Performance”

          Yes, there are times when it’s okay to say your device doesn’t have Essential Performance. But only if:

          •  The IFU clearly shows it’s not delivering therapy.

          •  There are no clinical functions that could cause harm if they fail.

          •  You’ve documented this with a proper risk-based rationale.

          No shortcuts. No, “we just decided not to.” And definitely no “we copied this from another device.”

          Real-World Examples

          • Thermometer – The importance of maintaining a certain accuracy is critical because if a fever goes undetected, then fever reducer would not be given, or the person may have a serious infection go undiagnosed and untreated.
          • Infusion Pumps – Accuracy is extremely important.  Administering too much or not enough of certain medications, such as Chemotherapy Drugs, can pose serious risks.
          • UV light used to disinfect – If the UV level is too low, then there is the risk of the bacteria or pathogens not being killed and possibly being ingested.  If the UV is too high, there is a risk of it burning a material and possibly putting toxic gases into the air.

          These aren’t guesses—they’re tied to actual risk and clinical function.

           Final Thoughts

          Essential Performance isn’t just a checkbox—it’s a safety net. It’s how we ensure medical devices don’t just work, but work safely when it matters most.

          So next time you write a test plan or prepare for a submission, ask yourself: What’s essential? Then prove it.

          Do you have a device you’re unsure about? Do you need help defining Essential Performance criteria that won’t get flagged by reviewers? Reach out to our compliance team or submit a Contact Us form. We love a good challenge—and we’ve seen it all. Want us to feature your device in a future Tech Note? Let’s talk.

          Posted in CE marking | Comments Off on Essential Performance: What It Is, Why It Matters, and When You Can Say “No Thanks”

          Adapting to Evolving U.S.-China Regulatory Dynamics

          Posted on August 4, 2025 by Keith Cooper

          Medical device companies operating across U.S. and Chinese markets are facing a rapidly shifting regulatory environment. As geopolitical tensions between the two nations intensify, firms must reevaluate their global strategies—particularly when it comes to supply chains, partnerships, and compliance efforts.

          Thermometer reading 39.3*C is held in front of little girl

          Legislative Spotlight: The BIOSECURE Act

          At the center of this shift is the proposed BIOSECURE Act, a bipartisan measure in the U.S. Congress. If enacted, it would prohibit federal contracts and funding for organizations that engage with specific Chinese firms—especially those in the biotech and genomics sectors that raise national security concerns. Though still under legislative review, the bill is already influencing corporate behavior, pushing medtech companies to scrutinize their operations for potential exposure to restricted entities.

          Currently, five Chinese firms are named under the legislation.  Companies would have until 2032 to cut ties with these “entities of concern,” though there’s speculation that the timeline could be shortened depending on how geopolitical conditions evolve.  The FDA and FCC specifically are not accepting test results from these Chinese firms and others. 

          Declining Confidence in Cross-Border Collaboration

          Surveys within the life sciences industry reveal a sharp decline in executive confidence when it comes to partnering with Chinese companies. This drop reflects not only regulatory apprehensions but also fears around supply chain vulnerabilities and reputational risks. As scrutiny increases, firms are reconsidering their dependencies on Chinese manufacturing and research entities.

          Strategic Recommendations for Medical Device Manufacturers

          To prepare for and respond to this changing landscape, medtech companies should take the following steps:

          1. Gain a Clear Understanding of Emerging Policies
            Familiarize leadership and compliance teams with the BIOSECURE Act and related legislative proposals. Assess current relationships with Chinese suppliers and determine any potential risks to U.S. federal funding eligibility.
          2. Review and Map Supply Chains
            Conduct a detailed audit of suppliers and subcontractors, paying close attention to ownership structures and geographical affiliations. Transparency across the supply chain will be crucial for future regulatory compliance.
          3. Establish Backup Plans for Operations
            Diversify sourcing and manufacturing options to reduce overreliance on any single country or region. Building flexibility into logistics and inventory management can help companies adapt quickly to regulatory or trade disruptions.
          4. Strengthen Cybersecurity Infrastructure
            With increasing concerns around data privacy and security, medical device firms must prioritize the protection of proprietary data and digital systems. A proactive cybersecurity strategy is now a core component of risk management.
          5. Foster Organizational Resilience
            Companies that invest in agility—whether through internal policy adjustments, workforce training, or operational decentralization—will be better equipped to handle uncertainty and change.

          Turning Compliance into Competitive Advantage

          Although the current climate introduces new challenges, it also creates an opportunity for medical device companies to lead with transparency, accountability, and strategic foresight. By aligning early with expected regulations and adopting resilient practices, organizations can position themselves as trusted partners in a more complex global marketplace.

          As an ASCA certified FDA lab, F2 Labs is expertly positioned to assist medical device manufacturers in their regulatory needs to get their devices to market. Reach out to us today to help craft a regulatory pathway for your particular device.

          CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

          Want to discuss your project with us?

          You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

          F2 Labs is here to help.

          Posted in CE marking | Tagged , | Comments Off on Adapting to Evolving U.S.-China Regulatory Dynamics

          REACH/RoHS and Continuing Compliance

          Posted on July 18, 2025 by Keith Cooper

          * Until August 15th, if you mention this blog post we will offer special pricing (20% off) your full REACH and RoHS evaluation with F2 Labs. *

          We evaluate your device and keep it on autopilot, painlessly.

          The RoHS Directive 2011/65/EU+(EU)2015/863 started life in 2002 as the RoHS Directive 2002/95/EC. It has changed over the years, adding substances and exemptions, and all affect the compliance of your device. Likewise, manufacturers and suppliers often change both the components and materials that comprise the parts you buy from them. And they do this with no obligation to alert you.

          The REACH Regulation (EC) No 1907/2006 changes every six months. ECHA always adds substances to the restricted list. They never remove substances from the list which can make it excruciating for you and your staff. Presently there are 250 substances of very high concern, also called SVHC’s. That list is here: ECHA SVHC List and it will change again in either December 2025 or January 2026. Testing for REACH and RoHS is very expensive and it can cost thousands of dollars per part, depending upon what it is and how many materials make up the part. For example, a part made with plastic and metal can easily cost $3,000 to test. Just for one part. Now, multiply that against the number of parts a manufacturer like MolexMurataVishay, or TE Connectivity produces. It is easy to see that this is a monumental task for these companies that never ends. You can imagine that once they clear a “list” of SVHC’s… right around the corner another, new list is published and the testing starts all over again. Then, add in that these companies likely have their own supply challenges and it is apparent that the RoHS and REACH status of these parts changes constantly.

          What happens if the composition of a part changes?

          Manufacturers can change how they make their parts. Suppliers can change who they buy a part from. In both cases they are not obligated to indicate to you, the electronic device manufacturer, what changes they made. In a worst-case example a supplier can sell you a machine screw made of RoHS and REACH compliant steel and use a descriptor and part number for that screw that is unique to their system. Let’s call it, “10 mm screw, pn 123456”. You could make orders for that screw over the years, always ordering their part number 123456, without knowing if that supplier is still using the same screw that was originally evaluated for RoHS and REACH compliance.

          I routinely see examples of parts that were compliant at one point in time and then are not-compliant the next time the part is used in a build under review, and vice-versa. When this happens I see the part used in the new build — but I also see that the part is used in a build by a customer that submitted the device for review in the past.

          Why is this important to you?

          There is no one obligated at these companies to go through your past orders and tell you if a part you ordered a year ago now maintains the same RoHS and REACH status when you make a repeat order. You need to do this and it is your responsibility to alter your build(s) and or product documentation if there are restricted substances added into any of the parts used in your machine. No matter how insignificant. Even product labels made out of paper are in scope.

          How can F2 Labs help you with this?

          F2 Labs is a product safety and EMC test laboratory and we assist our clients with nearly all compliance requirements for global marketing and sales. We started offering RoHS services in 2014 and added REACH a few years later. We started these services because they are legal requirements and oftentimes our customers’ customer in the EU is unaware of these laws. We load your device in our system and can maintain the integrity of the build in an ongoing basis for products you make over and over. We can also perform a one-time RoHS and REACH evaluation for a custom product you are only making once.

          Machinery, control panels, and medical devices are not excluded. RoHS and REACH apply to all equipment with electric function and that includes commercial, industrial, and medical equipment. REACH also applies to non-electric products. They are not restricted to consumer goods.

          F2 Labs tracks down the EU RoHS and EU REACH (and we can do this for California Prop 65 and California RoHS also) status of each and every part, terminating with a report to you that indicates the compliance status. We can also tell you which of your suppliers responded and when, who ignored the request if that happens, and most importantly – the parts that are not compliant. The EU included teeth in these laws. They can fine you per device, make you pull it from the market, or even test it in the EU and then send the bill to you. You do not want to ignore these requirements, even if your customer in the EU did not mention them.

          CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

          Want to discuss your project with us?

          You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

          F2 Labs is here to help.

          Posted in CE marking | Comments Off on REACH/RoHS and Continuing Compliance

          FDA Enforcement Flags Data Integrity Risks at Overseas Labs

          Posted on June 6, 2025 by Keith Cooper

          The U.S. Food and Drug Administration (FDA) has issued formal warning letters to two overseas third-party labs for serious violations involving data falsification, poor quality controls, and noncompliance with regulatory standards—raising red flags for medical device manufacturers that outsource premarket testing to overseas labs.

          “The FDA has no room for bad actors,” said Commissioner Marty Makary, M.D., M.P.H. “False and shoddy activity jeopardizes patient access, product sponsors, and the device supply chain.”

          What Happened?

          After detailed inspections, the FDA found both labs—used for U.S. device submissions—violated Good Laboratory Practices (GLP) and failed to ensure test reliability.  Read the news release here

          Key Violations Identified:

          • Data Integrity Failures: Incomplete, inaccurate, or untraceable test records
          • Weak Quality Oversight: Lack of QA systems and supervision
          • Animal Welfare Lapses: Poor documentation and animal tracking in biocompatibility studies
          • Training Gaps: Unqualified personnel performing critical testing tasks

          These issues compromise the credibility of data submitted in FDA filings—posing risks to manufacturers and patients alike.

          Implications for Manufacturers

          The FDA reminds manufacturers that they remain fully responsible for the integrity of the data they’re submitting. Companies relying on these “bad actors” could face submission rejections or re-testing requirements. To mitigate risk, the FDA urges manufacturers to:

          • Reevaluate submissions tied to the cited labs
          • Strengthen due diligence when selecting third-party labs
          • Ensure traceability of all submitted test results
          • Use FDA ASCA-accredited laboratories whenever possible

          If your compliance testing has gone off track, don’t worry—we’re here to support you. Let us help you bring clarity and direction back to your project in the fastest, most cost-effective way possible.  We understand that time is money.

          Posted in CE marking | Comments Off on FDA Enforcement Flags Data Integrity Risks at Overseas Labs

          Cybersecurity and the new Radio Equipment Directive

          Posted on May 28, 2025 by Keith Cooper

          So, manufacturers, get your cybersecurity capes on. The EU is coming for your gadgets—and it means business.

          Brace Yourselves: The EU Is Mandating Cyber Hygiene for Wireless Devices

          Starting August 1, 2025, the EU is tightening the screws on anything with an antenna or IP address. If your device transmits via radio and talks to the internet—even once—it now falls under the revised Radio Equipment Directive (RED 2014/53/EU). In short: your hardware just got a cybersecurity to-do list.

          Yes, this applies to a wide array of products: routers, wearables, smart toys, baby monitors, fitness trackers, and any IoT thingamajig you’ve designed to be “smart.” Now it also has to be “secure.”

          What’s In Scope?

          If it’s radio-equipped and internet-connected, it’s in. Think:

          • Smartphones, tablets, wireless cameras
          • Routers and modems
          • Sensors, wearables, home automation gadgets
          • Basically, anything with Wi-Fi, LTE, Bluetooth, Zigbee, etc.

          If it sends packets or listens for them, you should assume RED applies.

          The Three Cyber Must-Haves

          Here’s what the Directive now explicitly requires at the engineering level:

          1. Network Safeguards (Art.3.3(d)) – Cybersecurity

          Your device must not compromise the network it connects to. That means:

          • Implement rate limiting and request throttling
          • Avoid open ports and insecure default configs
          • Prevent DDoS amplification (yes, that includes securing UPnP and STUN misconfigurations)
          • Validate firmware updates properly—no unsigned OTA madness

          Basically, stop your devices from turning into network bullies or zombie bots.

          2. Data Protection (Art.3.3(e)) – Privacy

          If your product handles any personal or location data—even if it’s indirect (say, via cloud sync or a companion app)—you need:

          • Strong access control
          • Data encryption at rest and in transit
          • Local storage isolation
          • Privacy-by-design baked into the firmware and UI

          Bonus: If it’s a children’s product (e.g. smart toys or wearables), you really need to lock it down. Think COPPA-level security or higher.

          3. Fraud Prevention (Art.3.3(f)) – Fraud Prevention

          Devices that facilitate payments or virtual currency? You’re now responsible for:

          • Secure user authentication (multi-factor, biometrics, hardware tokens, etc.)
          • Transaction verification layers
          • Anti-spoofing and tamper resistance
          • No hardcoded secrets or reused cryptographic keys, please

          This especially applies to mobile wallets, NFC payment gadgets, and wearables that act like debit cards.

          But Wait—Where Are the Standards?

          Here’s the fun part: no harmonized standards yet. That’s right. As of now, there’s no pre-approved checklist to mark as “compliant.”

          You’ll likely need a Notified Body to evaluate compliance unless your implementation clearly aligns with best practices from:

          • ETSI EN 303 645 (IoT security baseline)
          • IEC 62433-1 (embedded system threat mitigation)

          Translation: Just being “secure” won’t cut it unless you can prove it.

          Non-Compliant? No CE Mark = No EU Market

          If your product doesn’t meet these new cybersecurity requirements, forget about affixing that CE mark. Customs will be scanning for this, and regulators are expected to ramp up enforcement.

          No CE = No sales in the EU. Period.

          Engineering Teams:

          • Audit your devices now for radio+internet exposure
          • Revisit firmware and protocol stack designs with RED compliance in mind
          • Document your security measures—you’ll need the paperwork
          • Build with security as a core requirement, not a post-hoc patch

          EU’s message to engineers: If you’re connecting it, you’re protecting it.

          CONTACT F2 LABS FOR HELP, THIS IS WHAT WE DO.

          Want to discuss your project with us?

          You can contact us at this link. Our phone number is 877-405-1580 and we are here to help you.

          Posted in CE marking | Comments Off on Cybersecurity and the new Radio Equipment Directive