CROSS-STANDARD public interest · Wireless / IoT device
China-to-Bulgaria Wireless / IoT Device Compliance Gap Matrix
AI-compiled from official public sources — cross-checked by multiple AI models, not human-verified. Informational only; see disclaimer. Public-interest, source-linked comparison of common China wireless and IoT device documentation against Bulgaria / EU Radio Equipment Directive (RED 2014/53/EU) requirements enforced by CRC (Communications Regulation Commission), covering CE marking, radio performance, EMC, electrical safety, cybersecurity (mandatory from 1 August 2025), EU Authorised Representative, and Bulgarian-language labelling obligations.
Dataset 2026-06-11
Last verified 2026-06-17
6 rows
GAP MATRIX
Compliance Gap Matrix
| Compliance item | Common China baseline | Bulgaria (CRC / CE) | Gap / action | Source + verification date |
|---|---|---|---|---|
| Cybersecurity — RED Art. 3.3(d)(e)(f) + EN 18031 (Mandatory from 1 Aug 2025, Bulgaria / CRC) | China has IoT and network security requirements under MIIT Order No. 12 (2022) on IoT security administration, and voluntary national standards GB/T 36951-2018 (IoT sensor node security) and GB/T 37093-2018 (IoT data security). MIIT also enforces network access licence (NAL) requirements that include basic security criteria for telecom terminal equipment. However, none of these Chinese frameworks require pre-market security controls equivalent to EN 18031-1 (unique per-device credentials, no universal default passwords, software update integrity, attack surface minimisation). China has no regulatory analogue to RED Art. 3.3(d)-(f) as a mandatory CE-comparable pre-market cybersecurity gate.MIIT Order No. 12 (2022) — Administration of Internet of Things Security (MIIT) GB/T 36951-2018 — Information security technology; IoT sensor network node security technical requirements (voluntary, SAMR/SAC) GB/T 37093-2018 — Information security technology; IoT data security technical requirements (voluntary, SAMR/SAC) |
Bulgaria applies EU cybersecurity requirements for radio equipment without national derogation. Commission Delegated Regulation (EU) 2022/30 activated RED Article 3.3(d), (e), and (f) for internet-connected radio equipment, equipment processing personal/location/traffic data, and equipment for children or wearables. Mandatory application date: 1 August 2025 (extended from 1 August 2024 by Delegated Regulation (EU) 2023/2444). The harmonised standards are EN 18031-1:2024 (network security), EN 18031-2:2024 (privacy for personal data-processing devices), and EN 18031-3:2024 (child protection/fraud prevention), published in the EU Official Journal on 20 February 2025. CRC enforces these requirements in Bulgaria as the national RED market surveillance authority. Products placed on the Bulgarian market from 1 August 2025 that fall within the scope of Delegated Regulation (EU) 2022/30 must include cybersecurity compliance in their DoC and technical file. The EU Cyber Resilience Act (CRA), expected to apply from 2027, will impose additional software security obligations for connected devices placed on any EU market including Bulgaria.Directive 2014/53/EU (RED), Art. 3.3(d)(e)(f) Commission Delegated Regulation (EU) 2022/30 — activating RED Art. 3.3(d)(e)(f) Commission Delegated Regulation (EU) 2023/2444 — extending mandatory date to 1 August 2025 EN 18031-1:2024 — Radio equipment; common security requirements; Part 1: Internet connected radio equipment EN 18031-2:2024 — Radio equipment; common security requirements; Part 2: Radio equipment processing personal data EN 18031-3:2024 — Radio equipment; common security requirements; Part 3: Radio equipment for child protection and toys Regulation (EU) 2024/2847 (Cyber Resilience Act) — expected mandatory application from 2027 for connected products on EU market |
This is the largest new compliance gap for Chinese Wi-Fi/IoT devices entering Bulgaria effective 1 August 2025. Specific EN 18031-1 mandatory controls that are absent from typical Chinese IoT product design include: (1) no universal default passwords — each device must ship with a unique credential or force the user to set one; (2) network interface disable capability — the device must support disabling all network access interfaces; (3) software update integrity — updates must be cryptographically signed and verified before installation; (4) encrypted communications — data in transit must be protected; (5) attack surface minimisation — all unused ports, protocols, and services disabled by default. Additionally: EN 18031-2 applies where the device processes personal data (most consumer IoT devices); EN 18031-3 applies to toys and childcare articles. CRC may request cybersecurity technical documentation during market surveillance. As a Southeastern European EU member state and regional distribution hub, Bulgarian customs may also screen devices entering the Balkan corridor for cybersecurity documentation gaps. Looking ahead, the EU Cyber Resilience Act (CRA, Regulation (EU) 2024/2847) is expected to impose further mandatory software update, vulnerability disclosure, and SBOM obligations for connected products from approximately 2027, applying to Bulgaria as an EU member state.[INFORMATIONAL] RED Art. 3.3(d)-(f) cybersecurity requirements, mandatory from 1 August 2025, represent the largest new gap for Chinese Wi-Fi/IoT devices entering Bulgaria. EN 18031-1/2/3 are the harmonised standards; no Chinese regulatory equivalent exists. CRC enforces these requirements as the Bulgarian national market surveillance authority. Manufacturers must conduct firmware/hardware security gap assessments and implement required controls before Bulgarian market placement from 1 August 2025. The forthcoming EU Cyber Resilience Act will impose additional obligations from approximately 2027. | EUR-Lex / Official Journal of the European Union2026-06-17 · reference |
| Electrical Safety — RED Art. 3.1(a) + EN IEC 62368-1 (Bulgaria 230 V/50 Hz, Plug C/F) | In China, information technology equipment safety is governed by GB 4943.1-2022 (equivalent to IEC 62368-1:2018, second edition), mandatory under CCC (CNCA-C17-01) for IT equipment. Chinese mains supply is 220 V/50 Hz with plug types A and I (GB 2099 series); Chinese products are often designed for 100–240 V input, but the plug type will differ from Bulgarian C/F sockets. GB 4943.1-2022 aligns with IEC 62368-1 second edition, while EN IEC 62368-1:2020+A11:2021 is derived from the third edition with an EU-specific A11 amendment. Chinese CCC safety certificates do not satisfy RED Art. 3.1(a) conformity assessment in Bulgaria.GB 4943.1-2022 — Information technology equipment; safety; Part 1: General requirements (equivalent to IEC 62368-1:2018 2nd edition) (SAMR/CNCA, mandatory under CCC) GB 2099 series — Plugs and socket-outlets for household and similar use (Chinese plug types A/I) |
Bulgaria applies EU harmonised electrical safety standards without national derogation. Under RED 2014/53/EU Art. 3.1(a), radio equipment must protect the health and safety of persons, domestic animals, and property. For Wi-Fi routers, IoT gateways, smart home devices, and Bluetooth accessories, the mandatory harmonised safety standard is EN IEC 62368-1:2020+A11:2021 (Audio/video, information and communication technology equipment — Part 1: Safety requirements). EN 60950-1 ceased to provide presumption of conformity on 20 December 2020 and is no longer acceptable. Bulgaria uses 230 V/50 Hz mains supply and plug types C (Europlug) and F (Schuko); mains-powered devices must be verified for compatibility with these supply parameters. Products must be labelled with the supply voltage/frequency in Bulgarian (in addition to other EU languages or symbols). CRC enforces RED Art. 3.1(a); DAMTN (State Agency for Metrological and Technical Surveillance) enforces general product safety alongside.Directive 2014/53/EU (RED), Art. 3.1(a) — as transposed in Bulgaria EN IEC 62368-1:2020+A11:2021 — Audio/video, information and communication technology equipment; Part 1: Safety requirements (harmonised under RED and LVD) Directive 2014/35/EU (LVD) — Low Voltage Directive; may apply to standalone mains-powered accessories |
Four gaps apply for Chinese manufacturers exporting to Bulgaria: (1) Edition gap — EN IEC 62368-1:2020+A11:2021 (3rd edition + EU amendment) vs. GB 4943.1-2022 (2nd edition); A11 introduces additional fire enclosure and earthing conductor requirements absent from the Chinese standard; (2) Supply voltage/plug compatibility — China 220 V/A/I plug vs. Bulgaria 230 V/50 Hz/C/F; products must be tested and labelled for European supply parameters; (3) Chinese CCC test reports are insufficient for RED Art. 3.1(a) — re-testing at an EU-recognised laboratory is required; (4) EN 60950-1 is no longer valid and must not be cited in the DoC. DAMTN may additionally enforce General Product Safety Regulation (GPSR) obligations for consumer-facing devices.[INFORMATIONAL] EN IEC 62368-1:2020+A11:2021 is mandatory for electrical safety under RED Art. 3.1(a) in Bulgaria. EN 60950-1 is no longer valid. Chinese CCC tests to GB 4943.1-2022 (2nd edition) do not cover EU A11 requirements. Products must also be verified for 230 V/50 Hz operation and C/F plug compatibility. Re-testing at an EU-recognised laboratory and Bulgarian-language labelling of supply parameters are required. | EUR-Lex / Official Journal of the European Union2026-06-17 · reference |
| EMC — RED Art. 3.1(b) + EN 301 489 Series (Bulgaria / CRC) | Chinese EMC requirements for wireless devices are covered by GB/T 9254.1-2021 (emissions, equivalent to CISPR 32:2015) and GB/T 17618-2015 (immunity, equivalent to CISPR 24:2010), administered by SAMR/SAC. CCC-listed products are tested at CNCA-designated laboratories. While the underlying emission limits are broadly aligned with CISPR 32, EN 301 489-17 applies RLAN-specific test modes and duty-cycle-adjusted averaging not present in the Chinese GB/T framework. Chinese test reports are not accepted by CRC as evidence of RED EMC conformity.GB/T 9254.1-2021 — Information technology equipment; radio disturbance characteristics (emissions, equivalent to CISPR 32:2015) (SAMR/SAC) GB/T 17618-2015 — Information technology equipment; immunity characteristics (equivalent to CISPR 24:2010) (SAMR/SAC) |
Bulgaria applies EU harmonised EMC requirements without national derogation. Radio equipment must protect the radio spectrum and ensure adequate immunity under RED 2014/53/EU Art. 3.1(b). For Wi-Fi and Bluetooth devices, the applicable harmonised standards are EN 301 489-1 v2.2.3 (common technical requirements) and EN 301 489-17 v3.2.4 (specific conditions for RLAN / Bluetooth broadband data transmission systems). These standards reference CISPR 32 emission limits and IEC 61000-4 immunity levels. CRC is the national authority enforcing RED EMC requirements in Bulgaria; it can request test reports and DoC documentation from importers or EU Authorised Representatives at any time.Directive 2014/53/EU (RED), Art. 3.1(b) — as transposed in Bulgaria EN 301 489-1 v2.2.3 — Electromagnetic compatibility and radio spectrum matters; common technical requirements EN 301 489-17 v3.2.4 — Specific conditions for broadband data transmission systems (RLAN / Bluetooth) |
Chinese EMC test reports to GB/T 9254.1 / GB/T 17618 cannot substitute for EN 301 489-1 + EN 301 489-17 compliance in Bulgaria. Key gaps: (1) EN 301 489-17 applies RLAN-specific duty-cycle-adjusted emission averaging and dedicated test modes not present in GB/T 9254.1; (2) EU immunity test configurations under EN 301 489-1 reference specific IEC 61000-4 severity levels that may differ from Chinese test setups; (3) CRC may request test reports citing the specific harmonised EN version — Chinese GB reports do not meet this evidential standard. Re-testing at an ILAC MRA-member or EU-accredited laboratory to EN 301 489-1 + EN 301 489-17 is required. Test reports must be retained for 10 years and made available to CRC on request.[INFORMATIONAL] RED Art. 3.1(b) EMC compliance for Wi-Fi/Bluetooth devices in Bulgaria requires EN 301 489-1 + EN 301 489-17 testing. Chinese GB/T 9254.1 / GB/T 17618 reports are not accepted. CRC may request test documentation at any time. EU-accredited laboratory re-testing is required, and reports must be referenced in the DoC and retained for 10 years. | ETSI (European Telecommunications Standards Institute)2026-06-17 · reference |
| EMC Directive 2014/30/EU — Applicability to Non-Radio EEE in Bulgaria | China does not distinguish between radio and non-radio EMC frameworks in the same manner as the EU. GB/T 9254.1-2021 covers emissions for information technology equipment generally. The CCC mandatory certification scope under CNCA-C17-01 covers both radio-enabled and wired IT equipment under the same EMC standard framework. There is no Chinese regulatory analogue to the EU distinction between RED Art. 3.1(b) and the standalone EMCD for IT/AV equipment.GB/T 9254.1-2021 — Information technology equipment; radio disturbance characteristics (SAMR/SAC) CCC CNCA-C17-01 — China Compulsory Certification for information technology equipment (SAMR/CNCA) |
For electrical or electronic products that are not radio equipment (i.e., do not contain a radio transmitter or receiver), Bulgaria applies the EMC Directive 2014/30/EU (transposed as EMCD) rather than RED. However, for the wireless/IoT device category covered by this dataset, RED 2014/53/EU is the primary applicable directive and its Art. 3.1(b) EMC essential requirement subsumes EMCD for in-scope radio equipment. Products that combine radio and non-radio functions (e.g., a smart home hub with both Wi-Fi and a wired Ethernet port) are assessed under RED for the radio elements; the non-radio elements may also need EMCD compliance if sold separately as standalone non-radio EEE. CRC enforces EMCD for non-radio EEE alongside RED enforcement for radio equipment.Directive 2014/30/EU (EMCD) — Electromagnetic Compatibility Directive; applies to EEE not covered by RED Directive 2014/53/EU (RED), Art. 3.1(b) — subsumes EMCD for radio equipment in scope EN 55032:2015+A11:2020 — Electromagnetic compatibility of multimedia equipment; emission requirements (harmonised under EMCD) |
For wireless/IoT products exported from China to Bulgaria, RED Art. 3.1(b) is the primary EMC gate and the relevant EN 301 489 series standards must be applied. If the product also contains non-radio EEE functionality sold standalone or the product is borderline for RED scope, EMCD EN 55032 compliance may additionally be needed. Manufacturers should confirm product scope under RED Article 1 before selecting the conformity assessment route. CRC enforces both RED and EMCD; incorrect directive selection is a common compliance deficiency found in market surveillance.[INFORMATIONAL] For wireless/IoT devices exported to Bulgaria, RED Art. 3.1(b) and EN 301 489 series are the mandatory EMC pathway; EMCD 2014/30/EU applies to any non-radio EEE component sold separately. Incorrect directive selection is a recognised market-surveillance risk in Bulgaria. Chinese GB/T EMC reports satisfy neither pathway. Manufacturers must confirm scope under RED Art. 1 and apply the correct harmonised standards. | EUR-Lex / Official Journal of the European Union2026-06-17 · reference |
| EU Authorised Representative / Importer — Regulation (EU) 2019/1020 + Bulgarian Labelling | China has no direct regulatory equivalent to the EU Authorised Representative obligation. Chinese manufacturers exporting to Bulgaria do not need to appoint any representative within China for EU regulatory purposes; however, they must appoint an EU-established entity (EU AR or importer) before the product enters any EU member state market. China's domestic market requires the manufacturer's Chinese address to appear on product packaging, but there is no obligation for a third-country representative structure analogous to the EU AR. Chinese CCC certificates list the manufacturer's Chinese address; this does not satisfy the EU requirement for an EU-based contact point.CCC — China Compulsory Certification; lists manufacturer's Chinese address but has no EU AR equivalent GB 191-2008 / SJ/T 11364-2014 — Chinese product labelling standards (Chinese language only) |
Under Regulation (EU) 2019/1020 (Market Surveillance Regulation), Article 4, non-EU manufacturers must have either: (a) an importer established in the EU who takes on responsibility for the product, or (b) an EU Authorised Representative (EU AR) appointed by the manufacturer before the first product enters any EU market, including Bulgaria. The EU AR must be established in an EU member state (Bulgaria qualifies, but any EU member state suffices). The EU AR's name and postal address must appear on the product itself, its packaging, or its accompanying documentation in a visible and legible way. The same requirement applies when the product is sold through online platforms into Bulgaria. An EU AR is responsible for holding the DoC and technical documentation, cooperating with CRC, and ensuring corrective action if the product is non-compliant. Bulgarian-language product labelling is a national requirement for products placed on the Bulgarian market: the product name, model identifier, manufacturer name and address, EU AR name and address, and any safety warnings must be provided in Bulgarian (Cyrillic script). DAMTN enforces labelling and general product safety requirements; CRC enforces the EU AR documentation obligation under RED.Regulation (EU) 2019/1020, Art. 4 — EU Authorised Representative obligation for non-EU manufacturers Directive 2014/53/EU (RED), Art. 10 — manufacturer obligations including DoC and technical file retention Directive 2014/53/EU (RED), Art. 11 — importer obligations Bulgarian Consumer Protection Act (Закон за защита на потребителите) — consumer protection, including Bulgarian-language labelling obligation EU General Product Safety Regulation (GPSR) (EU) 2023/988 — applies from 13 December 2024 for consumer products |
Structural gaps with no Chinese equivalent: (1) EU Authorised Representative — Chinese manufacturers without an EU importer must appoint an EU-established AR before first placement in Bulgaria or any EU market; failure renders the product non-compliant and prevents lawful customs clearance; (2) Bulgarian-language (Cyrillic) labelling — product labelling (name, model, manufacturer/EU AR contact, safety warnings, supply voltage) must include Bulgarian in Cyrillic script; English-only or Chinese-only labels are not acceptable for Bulgarian market placement; (3) DoC retention — the signed EU Declaration of Conformity must be retained for 10 years and be available to CRC on request; (4) WEEE registration — WEEE compliance scheme registration with ECOBULPACK or ELITEX (Bulgarian producer compliance organisations) is required before market placement of EEE; (5) Online platform sales — sales via e-commerce platforms into Bulgaria are subject to the same EU AR and CE marking obligations; platforms are increasingly responsible for verifying compliance under GPSR and the Digital Services Act. Manufacturers should engage an EU AR service provider and ensure Bulgarian Cyrillic translations of labelling and instructions before first shipment.[INFORMATIONAL] An EU Authorised Representative is a hard legal prerequisite for Chinese manufacturers without an EU importer selling wireless devices in Bulgaria. Bulgarian-language (Cyrillic) labelling is a national mandatory requirement beyond the EU-wide CE marking obligation. WEEE registration with ECOBULPACK or ELITEX is required before first Bulgarian market placement. Online platform sales into Bulgaria are subject to identical obligations. Failure to appoint an EU AR before first market placement is grounds for CRC product withdrawal and RAPEX notification. | EUR-Lex / Official Journal of the European Union2026-06-17 · reference |
| CE Marking — RED 2014/53/EU + CRC Market Surveillance | In China, market access for wireless devices requires SRRC Type Approval (NRA/MIIT) for the radio transmitter module and, for IT equipment such as Wi-Fi routers and IoT gateways, CCC (China Compulsory Certification) under CNCA-C17-01. A separate MIIT Network Access Licence (NAL) is required for certain telecom terminal equipment. The SAMR supervises market surveillance through its provincial bureaus. Neither SRRC nor CCC confers CE marking or satisfies RED conformity assessment obligations in Bulgaria or any EU country.SRRC Type Approval — NRA/MIIT mandatory radio licence for wireless transmitters CCC — China Compulsory Certification (CNCA-C17-01 for IT equipment) MIIT Network Access Licence (NAL) — for telecom terminal equipment |
Bulgaria is an EU member state; the Radio Equipment Directive (RED) 2014/53/EU applies directly and in full. All wireless and radio equipment placed on the Bulgarian market must bear the CE marking, backed by a signed EU Declaration of Conformity (DoC). The DoC must reference all applicable directives and harmonised standards (RED Art. 3.1(a) safety, Art. 3.1(b) EMC, Art. 3.2 radio performance, and Art. 3.3(d)-(f) cybersecurity where in scope). CRC (Communications Regulation Commission — Комисия за регулиране на съобщенията) is Bulgaria's national market surveillance authority for RED; it conducts market checks, can issue withdrawal orders, and reports non-compliant products to the EU RAPEX/Safety Gate system. DAMTN (State Agency for Metrological and Technical Surveillance — Държавна агенция за метрологичен и технически надзор) oversees general product safety market surveillance. CE marking must be affixed to the product or its packaging before placement; minimum marking height is 5 mm. Bulgarian-language (Cyrillic) labelling is required as Bulgaria's official language under EU labelling law.Directive 2014/53/EU (RED) — transposed into Bulgarian law via Ordinance No. H-5 / 2016 on Radio Equipment and related CRC implementing regulations Regulation (EU) 2019/1020 — market surveillance and conformity of products (CRC as national authority for RED; DAMTN for general product safety) Decision 768/2008/EC — CE marking conformity assessment modules Bulgarian Ordinance No. H-5 / 2016 — national transposition of RED 2014/53/EU |
CE marking under RED is a hard legal prerequisite for placing wireless devices on the Bulgarian market. SRRC and CCC are not recognised and cannot substitute. Key Bulgaria-specific points beyond the standard EU RED gap: (1) CRC actively enforces RED through market surveillance and product withdrawals; DAMTN supports general product safety enforcement; (2) Bulgarian-language (Cyrillic script) labelling is mandatory — product name, manufacturer/EU AR name and address, model identifier, and intended use where not self-evident must appear in Bulgarian; (3) Plug type C/F (Schuko) and 230 V/50 Hz must be confirmed for mains-powered devices; (4) WEEE registration with a Bulgarian producer compliance scheme (ECOBULPACK or ELITEX) is required before market placement of EEE; (5) Bulgaria is a gateway distribution hub for Balkan non-EU markets — products sold from Bulgaria into non-EU Balkan countries still require Bulgarian CE compliance at point of Bulgarian placement. Chinese manufacturers must complete the full EU RED conformity assessment (testing, DoC, CE mark, EU AR appointment) before any shipment to Bulgaria.[INFORMATIONAL] CE marking under RED 2014/53/EU is the primary market-access gate for wireless devices entering Bulgaria. CRC enforces RED nationally; DAMTN supports general product safety surveillance; non-compliant products are subject to withdrawal and RAPEX notification. SRRC and CCC are not recognised. Bulgarian-language (Cyrillic) labelling and WEEE registration with ECOBULPACK/ELITEX are additional mandatory obligations beyond the EU-wide CE marking requirement. | CRC (Communications Regulation Commission — Комисия за регулиране на съобщенията)2026-06-17 · reference |
E-E-A-T
Named editorial review
Pending named reviewer
Official regulator, standards body, notified body, customs, or primary legal source preferred. Local PDFs are not accepted.
Editorial controlsRows must include publisher, official URL, access date, verification flag, and last_verified before human_reviewed can be true.
SOURCES
Official-source register.
- EUR-Lex / Official Journal of the European Union · accessed 2026-06-17 · reference · used in 1 rows
- EUR-Lex / Official Journal of the European Union · accessed 2026-06-17 · reference · used in 1 rows
- ETSI (European Telecommunications Standards Institute) · accessed 2026-06-17 · reference · used in 1 rows
- EUR-Lex / Official Journal of the European Union · accessed 2026-06-17 · reference · used in 1 rows
- EUR-Lex / Official Journal of the European Union · accessed 2026-06-17 · reference · used in 1 rows
- CRC (Communications Regulation Commission — Комисия за регулиране на съобщенията) · accessed 2026-06-17 · reference · used in 1 rows