Learn
Practical article Conformity assessment

What EU Conformity Assessment Means in a Real Product Project

A practical article on where conformity assessment sits in a hardware product project, who owns the work, and why starting late creates launch risk.

Question answered

Where does conformity assessment sit in a real hardware product project?

Outcome

Understand who owns the work, what each phase must produce, and why starting late creates delay.

Conformity assessment is not a documentation task at the end of your project. It is engineering work that runs through design, validation, and release - and it shapes your launch timeline whether you manage it or not.

Most hardware teams selling into Europe understand that their product needs CE marking. What is less obvious, until it causes a problem, is what the work behind that marking actually involves, and where it sits in a product development schedule.

Conformity assessment is the process by which the manufacturer demonstrates that a product meets the applicable EU requirements before it is placed on the market. The EU Blue Guide defines it as covering both the design and the production phase of a product. It is not an approval you receive from an authority. It is an evidence package you build, a set of decisions you make during development, and a legal declaration you sign before your product ships.

This article explains what that process looks like inside a real product project - not the regulatory theory, but the project reality: which phases it touches, who does the work, and what happens when it starts too late.

Note: This article is educational. It reflects the principles described in EU product legislation, the EU Blue Guide on implementation of product rules (2022), and established machinery safety literature. It is not legal advice. The binding interpretation of EU legislation is the exclusive competence of the Court of Justice of the European Union.

For the full seven-step workflow from identifying applicable rules through to CE marking, start with the pillar guide: EU Conformity Assessment for Machinery and Hardware Products.

Why this becomes a project problem

EU conformity assessment is not a single gate at the end of development. It is a thread that runs through the entire project, from product definition to market release.

Here is what it actually touches:

  • Planning. At the start of a project, someone needs to identify which EU directives and regulations apply to the product. This determines which essential requirements the design must meet, which standards are relevant, and whether third-party involvement is needed. If this work is not done until later, the team is designing without knowing the rules.

  • Design choices. The essential requirements in EU product legislation are not prescriptive specifications - they are protection goals. The manufacturer decides how to meet them. Harmonised standards offer one recognised path: a product designed and tested according to a relevant harmonised standard benefits from a presumption of conformity with the requirements that standard covers. But the choice of standards, and any deviations, must happen early enough to influence the design. Standards consulted after the design is locked become checklists for identifying problems, not tools for preventing them.

  • Risk assessment. For most hardware products, and especially for machinery, the risk assessment is the mechanism that determines which essential requirements are relevant and how far they need to be addressed. As Torben Jespen writes in Risk Assessments and Safe Machinery, the machinery safety risk assessment is "the key aspect concerning Machinery directive compliance." The essential health and safety requirements are only applicable when the corresponding hazard exists for the product in question, and the extent of compliance is determined by the assessed risk and the state of the art. This means the risk assessment is not a form to be filled in after the design is complete. It is the engineering analysis that drives design decisions.

  • Testing and validation. The evidence that a product meets the essential requirements comes from testing. Test planning depends on the risk assessment and the applicable standards. If either is incomplete, the test programme cannot be correctly scoped, and tests performed against the wrong scope may need to be repeated.

  • Documentation. The technical file is the manufacturer's central evidence package. EU legislation requires it to contain enough information to demonstrate conformity, including the risk assessment, design documentation, standards applied, test reports, and instructions for use. It must be kept for ten years after the product is placed on the market. If the documentation is assembled from memory at the end of the project, gaps are inevitable.

  • Release readiness. No product may be placed on the EU market without a completed conformity assessment, a signed declaration of conformity, and CE marking. These cannot be issued until the underlying work is done. A project that reaches its planned ship date without this evidence is not ready to ship.

Each of these elements depends on the ones before it. That dependency chain is why conformity work that starts late compresses into the final weeks, exactly when teams can least afford surprises.

What conformity work looks like across a real project

The conformity workflow maps naturally onto the phases most hardware teams already use. The difference is that in a well-managed project, each phase produces a conformity deliverable - not just an engineering one.

Product definition

Identify the EU directives and regulations that apply to your product. A single product may fall under multiple directives simultaneously, for example machinery safety, electrical safety, and electromagnetic compatibility requirements may all apply. Each brings its own set of essential requirements.

At this stage, you should also determine whether your product falls into a category that requires third-party conformity assessment by a Notified Body, or whether manufacturer self-assessment is sufficient. This affects both cost and timeline.

What should exist by the end of this phase: A list of applicable directives, an initial understanding of which essential requirements are likely to be relevant, and a decision on whether a Notified Body will be needed.

Early design

Begin the risk assessment. For machinery, this follows the methodology described in EN ISO 12100: define the limits of the product, identify the hazards, estimate and evaluate the risks. For other product types, the same logic applies - identify what can go wrong, assess how significant it is, and determine what needs to be addressed.

At the same time, identify the harmonised standards that cover the applicable essential requirements. These standards are your most efficient path to demonstrating compliance, because they provide concrete technical specifications and confer the presumption of conformity. Mapping them early means engineering can design to them rather than discovering mismatches later.

The three-step risk reduction hierarchy matters here. EU product legislation requires that risks be addressed in a specific order: first, eliminate or reduce the risk through design; second, apply protective measures for remaining risks; third, inform users about residual risks. The first step, inherently safe design, is only available while the design is still open. Once the design is locked, only the lower-priority options remain.

What should exist by the end of this phase: A working risk assessment (not final, but covering the major hazards), a standards map showing which harmonised standards will be applied, and design requirements that reflect both.

Detailed design and engineering

The risk assessment is refined as the design develops. New hazards may be identified; existing risk estimates may change as design details are resolved. This is an iterative process. After implementing risk reduction measures, the risks are re-assessed to verify that they have been adequately reduced and that no new hazards have been introduced.

Design documentation should be traceable back to the risk assessment and the applicable standards. If a design decision addresses a specific hazard or essential requirement, that connection should be recorded as it happens, not reconstructed later.

Test planning should also begin here, based on the standards identified in the earlier phase. Waiting until validation to define the test programme means the test scope is driven by schedule pressure rather than by actual requirements.

What should exist by the end of this phase: A mature risk assessment, design documentation with traceability to requirements, and a test plan aligned to the applicable standards.

Validation

Execute the test programme. This includes type testing, functional safety validation, environmental testing, and any other verification activities required by the relevant standards or the risk assessment.

If a Notified Body is involved, their engagement should have been planned and initiated well before this point. Notified Body review cycles take time, and they assess the conformity assessment procedure itself, including the technical documentation. Submitting incomplete documentation leads to review iterations that consume schedule.

What should exist by the end of this phase: Completed test reports, any required Notified Body certificates, and a substantially complete technical file.

Pre-market release

Finalise the technical file. Issue the EU declaration of conformity, the manufacturer's formal legal statement that the product meets all applicable requirements from all relevant directives. Affix the CE marking.

The declaration of conformity identifies the product, lists the directives and harmonised standards applied, and names the person authorised to sign on behalf of the manufacturer. It must accompany the product.

What should exist by the end of this phase: A complete technical file, a signed declaration of conformity, CE marking applied, and instructions for use finalised and translated into the required languages.

Who owns what

The EU regulatory framework places primary responsibility on the manufacturer. The Blue Guide states this directly: "The manufacturer has ultimate responsibility for the conformity of the product to the applicable Union harmonisation legislation, whether he designed and manufactured the product himself or is considered as a manufacturer because the product is placed on the market under his name or trademark."

This means: if your company puts a product on the EU market under its own name, your company is the manufacturer in the regulatory sense, regardless of who designed or built it.

Within the company, the work is distributed across roles, but the responsibility is not:

  • Product lead or project manager typically drives the initial identification of applicable directives and the decision on Notified Body involvement. They own the schedule integration, making sure conformity milestones are in the project plan, not running in parallel hope.

  • Engineering owns the risk assessment and the design decisions that flow from it. They select and apply the harmonised standards. They generate the design documentation and test evidence that form the core of the technical file.

  • Quality or compliance function (where one exists) coordinates the documentation, manages the relationship with any Notified Body or test laboratory, and often owns the technical file assembly and the declaration of conformity.

  • External partners, including test laboratories, consultants, and Notified Bodies, contribute expertise and evidence, but they do not take ownership. The manufacturer remains responsible for the completeness and accuracy of the conformity assessment.

In a small team, one or two people may cover all of these roles. The work does not shrink, but the coordination overhead does.

What about importers and distributors?

If your company imports products into the EU from a non-EU manufacturer, you have specific obligations. The importer must verify that the manufacturer has carried out the conformity assessment, drawn up the technical documentation, applied the CE marking, and provided the required instructions and safety information. The importer is not a passive intermediary. The Blue Guide describes the importer's role as "key" in guaranteeing the compliance of imported products.

Distributors have lighter obligations, primarily to verify that the product carries the required markings and documentation. But if an importer or distributor places a product on the market under their own name or trademark, they take on the full responsibilities of the manufacturer.

A machinery example: where this becomes concrete

Machinery is a useful reference because the Machinery Directive makes the relationship between risk assessment and compliance unusually explicit.

Under the Machinery Directive, the essential health and safety requirements cover every possible hazard that may be associated with machinery: mechanical, electrical, thermal, noise, vibration, radiation, hazardous substances, ergonomic risks, fire, and explosion. But these requirements are only applicable when the corresponding hazard actually exists for the specific machine. Which requirements apply, and to what extent, is determined by the risk assessment.

This means the risk assessment is not a supporting document for machinery. It is the operational tool that shapes the entire conformity pathway.

Consider a team developing an industrial machine with moving parts and an operator interface. If the risk assessment is conducted during early design, the team can:

  • design out mechanical hazards through geometry and layout choices (inherently safe design - the top priority in the risk reduction hierarchy)
  • specify guards and interlocks for hazards that cannot be eliminated by design
  • define the safety integrity requirements for safety-related control systems based on the assessed risk
  • plan tests against the specific Type B and Type C harmonised standards that cover the identified hazards

If the risk assessment is conducted after the design is locked, the team can only add guards, interlocks, and warning labels to an existing design. The most effective risk reduction option, changing the design itself, is no longer available. And if testing reveals that the design does not meet a relevant standard, redesign is the only path forward.

This is the mechanism behind late-stage compliance delays. It is not that the regulations changed. It is that the work was done in the wrong order.

Why late handling causes delays

The failure mode is specific and predictable:

  1. Standards are checked late. A harmonised standard is consulted after the design is committed. Requirements that should have shaped the design are instead discovered as gaps. Fixing them means redesign or deviation documentation, both of which take time.

  2. Risk assessment happens after design lock. The risk assessment identifies hazards that require design-level risk reduction, but the design is frozen. The team is forced to rely on add-on protective measures and warnings, which sit lower on the compliance hierarchy and may not be sufficient to demonstrate that the essential requirements are met.

  3. Test evidence is incomplete or misaligned. Tests are planned based on schedule availability rather than on the applicable standards. Results do not cover the requirements. Tests need to be repeated, often at external laboratories with their own lead times.

  4. Technical documentation becomes a reconstruction exercise. Design rationale was not recorded as decisions were made. The risk assessment was not updated as the design evolved. Standards traceability does not exist. Assembling the technical file becomes a project in itself, one that surfaces the gaps that should have been caught earlier.

  5. The declaration of conformity cannot be signed. Until the technical file is complete, the risk assessment is finalised, and the test evidence is in order, the manufacturer cannot legally declare conformity and apply the CE marking. The product is finished but cannot ship.

None of these problems are caused by the regulatory framework being unreasonable. They are caused by treating conformity as a task that happens after engineering, instead of as engineering work that happens during the project.

The takeaway

EU conformity assessment is not a documentation exercise that can be bolted on at the end. It is a structured set of engineering decisions, evidence, and documentation that must be built alongside the product.

The manufacturer owns it. The risk assessment drives it. The standards inform it. The technical file captures it. And the declaration of conformity is only credible if all of that work was done, and done in the right order.

If this matches how you think about compliance but not how your team currently manages it, the next step is understanding the specific workflow in more detail.

Read the full pillar guide: EU Conformity Assessment for Machinery and Hardware Products.

Where to go deeper

  • The Machinery Directive and the new Machinery Regulation
  • Risk assessment under ISO 12100
  • Harmonised standards for product teams
  • The technical file and declaration of conformity explained
Related reading

Related reading

EU Conformity Assessment for Machinery and Hardware Products A practical guide for product teams on managing EU conformity assessment as product-development work, not late-stage documentation.