Home/Blog/Self-Declaration vs. Notified Body
December 2025 · 7 min read

Self-Declaration vs. Notified Body: Choosing Your Compliance Path

A clear comparison of the two routes to demonstrating conformity with RED cybersecurity requirements, with guidance on choosing the right approach.

Two Routes to CE Marking

Under the Radio Equipment Directive (RED), manufacturers have two primary routes to demonstrate conformity with the cybersecurity essential requirements and affix the CE mark:

  • Self-declaration (Internal production control — Module A)
  • Notified Body assessment (EU-type examination — Module B + Conformity to type — Module C)

The choice depends on your product category, which harmonised standards apply, and your risk tolerance.

Self-Declaration (Module A)

How It Works

The manufacturer (or an authorised representative) carries out the conformity assessment internally. This typically involves:

  1. Testing the product against the applicable harmonised standards (e.g., EN 18031-1)
  2. Compiling a technical file with all supporting evidence
  3. Issuing an EU Declaration of Conformity (DoC)
  4. Affixing the CE mark

When You Can Self-Declare

  • When a harmonised standard exists that fully covers the applicable essential requirements
  • When the product does not fall into a category that mandates third-party assessment
  • When there is no gap between the standard's coverage and the regulatory requirements

Advantages

  • Faster time to market — no Notified Body scheduling dependency
  • Lower cost — no third-party assessment fees
  • Full control over the assessment timeline

Risks

  • The manufacturer bears full responsibility for the assessment's quality
  • Market surveillance authorities may challenge the assessment
  • If the harmonised standard doesn't fully cover the essential requirements, self-declaration may not be possible

Notified Body Assessment (Module B+C)

How It Works

  1. Module B (EU-type examination): A designated Notified Body examines the technical design and tests a representative sample of the product
  2. Module C (Conformity to type): The manufacturer ensures that production units conform to the approved type

When It's Required

  • When no harmonised standard fully covers the applicable essential requirements
  • When the product falls into a higher-risk category mandated for third-party assessment
  • When the manufacturer chooses to use a Notified Body voluntarily for additional assurance

Advantages

  • Highest level of assurance — independent third-party validation
  • Stronger position if challenged by market surveillance authorities
  • May be a commercial advantage (demonstrates rigour to B2B customers)

Considerations

  • Longer timeline — depends on Notified Body availability
  • Higher cost — assessment fees and potential multiple rounds of review
  • Less flexibility — changes to the product may require re-assessment

Decision Framework

Ask yourself these questions:

  1. Does a harmonised standard fully cover my essential requirements? If yes, self-declaration is likely possible.
  2. Does my product category mandate third-party assessment? Check the applicable delegated acts and the CRA product classification.
  3. What is my risk tolerance? Self-declaration is faster but carries more regulatory risk.
  4. What do my customers expect? B2B customers in critical sectors may prefer Notified Body certification.
  5. What's my timeline? If speed to market is critical, self-declaration avoids Notified Body scheduling delays.

How We Can Help

At Vigilon Cyber, we support both pathways:

  • Self-declaration support: We perform the full EN 18031-1 compliance assessment, prepare your technical file, and ensure your Declaration of Conformity is robust.
  • Notified Body preparation: We pre-test your product, identify and help remediate non-conformities, and prepare your documentation so the formal Notified Body assessment proceeds smoothly.
Discuss Your Compliance Path