CROSS-STANDARD public interest · Wireless / IoT device
China-to-Kazakhstan Wireless / IoT Device Compliance Gap Matrix (OTAU / EAC)
AI-compiled from official public sources — cross-checked by multiple AI models, not human-verified. Informational only; see disclaimer. Public-interest, source-linked comparison of common China wireless and IoT device documentation against Kazakhstan requirements under OTAU (Ministry of Digital Development telecom regulatory arm) and the Eurasian Economic Union (EAEU) EAC conformity framework, covering OTAU radio type approval, EAC marking under TR EAEU 037/2016 (radio equipment) and TR CU 020/2011 (EMC), electrical safety for the 220 V/50 Hz European-plug grid, local importer requirements, and Kazakhstan cybersecurity and data localization obligations.
Dataset 2026-06-11
Last verified 2026-06-17
6 rows
GAP MATRIX
Compliance Gap Matrix
| Compliance item | Common China baseline | Kazakhstan (OTAU / EAC) | Gap / action | Source + verification date |
|---|---|---|---|---|
| Cybersecurity and Data Localization — Kazakhstan GCERT Guidelines and Data Law | China has its own cybersecurity and data localization regime under the Cybersecurity Law of the PRC (2017), the Data Security Law (2021), and the Personal Information Protection Law (PIPL, 2021). China also imposes data localization requirements for certain categories of data and mandates security assessments for cross-border data transfers. For IoT and connected devices, the MIIT and relevant sector regulators may impose network security and data-handling requirements. Chinese compliance with China's domestic cybersecurity laws does not satisfy Kazakhstan's data localization law or GCERT requirements — they are independent national frameworks. Manufacturers exporting from China must separately assess Kazakhstan's data localization obligations for their device's data flows.Cybersecurity Law of the PRC (2017) — mandatory network security requirements for network operators and critical information infrastructure in China Personal Information Protection Law of the PRC (PIPL, 2021) — personal data processing and cross-border transfer requirements in China Data Security Law of the PRC (2021) — data classification, security, and cross-border data transfer restrictions in China |
Kazakhstan has enacted a data localization law requiring that personal data of Kazakhstan citizens be stored on servers physically located within Kazakhstan (Law of the Republic of Kazakhstan 'On Personal Data and Protection Thereof', as amended). This obligation applies to operators of information systems that process personal data of Kazakhstani individuals, including IoT devices and connected consumer electronics that collect, transmit, or store user data. Violations can result in blocking of access to the service or device platform in Kazakhstan. Kazakhstan's Government Computer Emergency Response Team (GCERT), operating under the Ministry of Digital Development, publishes cybersecurity guidelines and requirements for connected devices and critical information infrastructure. While there is currently no Kazakhstan-specific mandatory product security certification equivalent to the EU Cyber Resilience Act for consumer IoT, GCERT guidelines effectively set baseline expectations for devices operating on Kazakhstani networks. Connected devices must not be designed to route user data to foreign servers in circumvention of data localization obligations. Operators of public networks in Kazakhstan may require demonstration of cybersecurity compliance before approving device connectivity.Law of the Republic of Kazakhstan No. 94-V 'On Personal Data and Protection Thereof' (2013, as amended) — data localization requirement for personal data of Kazakhstani citizens Law of the Republic of Kazakhstan No. 418-V 'On Informatization' (2015, as amended) — cybersecurity and information security requirements for information systems GCERT (Government Computer Emergency Response Team of Kazakhstan) — cybersecurity guidelines for connected devices and network operators, under the Ministry of Digital Development, Innovation and Aerospace Industry |
Chinese domestic cybersecurity compliance (Cybersecurity Law, PIPL, Data Security Law) does not substitute for Kazakhstan's data localization law obligations or GCERT cybersecurity guidelines. Chinese IoT devices that transmit user data to servers located outside Kazakhstan (including servers in China) must assess whether this constitutes a violation of Kazakhstan's personal data localization law. Device manufacturers should audit their data flows and, if personal data of Kazakhstani users is processed, ensure that such data is stored within Kazakhstan or that lawful transfer mechanisms exist. GCERT guidelines should be reviewed for any applicable product-level security requirements. Unlike the EU Cyber Resilience Act, Kazakhstan currently does not mandate a formal product cybersecurity certification scheme for consumer IoT, but the data localization law creates a significant operational compliance obligation for connected devices with cloud backends.[INFORMATIONAL] Kazakhstan's data localization law requires personal data of Kazakhstani users to be stored within Kazakhstan. Connected IoT devices with cloud backends that transmit user data to servers outside Kazakhstan (including China) must assess and address this obligation. Chinese domestic cybersecurity compliance does not satisfy Kazakhstan's requirements. GCERT guidelines should be reviewed for applicable device-level cybersecurity expectations. No formal consumer IoT product security certification currently mandated in Kazakhstan, but data localization non-compliance can result in service blocking. | Ministry of Justice of the Republic of Kazakhstan — Law on Personal Data and Protection Thereof2026-06-17 · reference |
| EAC Conformity — TR EAEU 037/2016 Radio Equipment (EAEU Single Market) | China does not participate in the EAEU and does not have a direct national equivalent to TR EAEU 037/2016. The closest Chinese parallel for radio equipment is SRRC type approval (for radio transmission equipment under MIIT), which covers spectrum conformity but uses Chinese technical standards (e.g., GB 15629.11 for Wi-Fi, YBT series for Bluetooth). CCC certification covers electrical safety and some EMC aspects. CE marking (EU) is sometimes confused with EAC marking but they are entirely separate regimes. Neither CCC, SRRC, nor CE substitutes for EAC marking under TR EAEU 037/2016.SRRC Radio Type Approval — State Radio Regulatory Commission of China (MIIT), mandatory for radio transmission equipment sold in China GB 15629.11 — Information technology — LAN/MAN (Wi-Fi / WLAN standard, China) CCC (China Compulsory Certification) — CNCA, covers electrical safety and partial EMC for in-scope products |
Radio equipment placed on the Eurasian Economic Union (EAEU) market — which includes Kazakhstan, Russia, Belarus, Armenia, and Kyrgyzstan — must comply with Technical Regulation of the EAEU TR EAEU 037/2016 'On the safety of radio equipment' and carry the EAC (Eurasian Conformity — Евразийское соответствие) mark. TR EAEU 037/2016 covers radio transmitters and receivers, Wi-Fi access points, Bluetooth devices, IoT modules, and wireless sensor devices. Conformity assessment may be carried out via type examination by a notified body (certification) or manufacturer's declaration of conformity for lower-risk categories. Test reports must be issued by accredited EAEU laboratories. The EAC mark followed by the CU/EAC symbol must appear on the product and packaging. EAC certificates are issued by accredited certification bodies recognised by the Eurasian Economic Commission (EEC). The EAC certificate or declaration of conformity must name a legal entity registered in an EAEU member state as the declarant or certificate holder.TR EAEU 037/2016 — Technical Regulation of the Eurasian Economic Union 'On the safety of radio equipment' (Decision of the EEC Council No. 38, 22 June 2016) EAC (Eurasian Conformity) marking requirements — Eurasian Economic Commission (EEC) Decision of the EEC Council No. 41 (2013) — Unified list of products subject to mandatory conformity assessment in the EAEU |
TR EAEU 037/2016 EAC conformity marking is mandatory for all radio equipment sold in any EAEU member state, including Kazakhstan. Chinese SRRC, CCC, and CE documentation do not satisfy EAEU requirements. The manufacturer or EAEU-registered legal entity must obtain an EAC certificate from an accredited EAEU certification body, supported by test reports from EAEU-accredited laboratories. The EAC certificate must be registered in the Unified Register of Certificates of Conformity of the EAEU. Additionally, in Kazakhstan, this EAC marking requirement runs in parallel with (and does not replace) the OTAU national type approval requirement. Products must satisfy both before being placed on the Kazakhstan market.[INFORMATIONAL] TR EAEU 037/2016 EAC conformity marking is mandatory for all radio and wireless devices sold in Kazakhstan and other EAEU member states. Chinese SRRC, CCC, and CE documentation do not satisfy this requirement. An EAC certificate from an accredited EAEU certification body, with EAEU-lab test reports, is required. Note that in Kazakhstan this EAC requirement is additional to OTAU type approval — both must be satisfied. | Eurasian Economic Commission (EEC) — Decision of the EEC Council No. 382026-06-17 · reference |
| EAC Conformity — TR CU 020/2011 Electromagnetic Compatibility (EAEU Single Market) | China's mandatory EMC regime for electronic and electrical equipment is enforced through the CCC (China Compulsory Certification) scheme using standards GB/T 9254 (for Information Technology Equipment — ITE emission, aligned with CISPR 22/32) and GB 17625.1 (harmonic current emissions, aligned with IEC 61000-3-2). For wireless devices, EMC is also partly covered under SRRC type approval and MIIT NAL testing. Chinese EMC certification to GB/T 9254 and GB 17625.1 is conducted by CNCA-designated testing laboratories and does not substitute for EAEU EMC conformity testing under TR CU 020/2011, which uses GOST standards aligned with CISPR and IEC 61000 series.GB/T 9254 — Information Technology Equipment — Radio disturbance characteristics — Limits and methods of measurement (CCC, aligned with CISPR 22/32) GB 17625.1 — Electromagnetic compatibility — Limits for harmonic current emissions (CCC, aligned with IEC 61000-3-2) CCC (China Compulsory Certification) — CNCA, mandatory EMC certification for in-scope IT and AV equipment sold in China |
Electrical and electronic equipment placed on the EAEU market must comply with Technical Regulation of the Customs Union TR CU 020/2011 'Electromagnetic compatibility of technical devices', which sets mandatory EMC requirements including emission limits and immunity levels. Compliance is required for virtually all electronic equipment that generates or is susceptible to electromagnetic interference, covering both intentional and unintentional radiators. Conformity assessment under TR CU 020/2011 for wireless and IoT devices typically follows the certification route (type examination by an accredited body), though a declaration of conformity route exists for some equipment categories. EAC marking for TR CU 020/2011 must appear on the product alongside any other applicable EAC marks (e.g., TR EAEU 037/2016 for radio, and electrical safety TRs). Test reports must be from EAEU-accredited EMC testing laboratories.TR CU 020/2011 — Technical Regulation of the Customs Union 'Electromagnetic compatibility of technical devices' (Decision of the CU Commission No. 879, 9 December 2011) GOST 32137-2013 — Electromagnetic compatibility; GOST series aligned with IEC CISPR publications for emission and immunity test methods applicable under TR CU 020/2011 |
Chinese CCC EMC certification (GB/T 9254, GB 17625.1) does not satisfy EAEU TR CU 020/2011 requirements. TR CU 020/2011 uses GOST standards aligned with the CISPR and IEC 61000 series, but the conformity assessment must be conducted under the EAEU framework by an EAEU-accredited laboratory and certified by an accredited EAEU certification body. While the underlying technical requirements may be broadly similar (both draw on CISPR and IEC 61000 methods), the test reports and conformity documentation must originate from EAEU-accredited entities to be valid for EAC marking. Products must carry a combined EAC marking covering both TR CU 020/2011 (EMC) and TR EAEU 037/2016 (radio) before market entry in Kazakhstan.[INFORMATIONAL] TR CU 020/2011 EAC conformity (EMC) is mandatory for all electronic equipment sold in Kazakhstan and other EAEU member states. Chinese CCC EMC documentation does not substitute. EAEU-accredited lab testing and certification body issuance of an EAC certificate is required. Products must display a combined EAC mark covering both the radio (TR EAEU 037/2016) and EMC (TR CU 020/2011) technical regulations. | Eurasian Economic Commission (EEC) — Decision of the CU Commission No. 8792026-06-17 · reference |
| Electrical Safety — EAC / GOST / IEC 62368-1 for 220 V / 50 Hz European-Plug Grid (Type C/F) | China's mandatory electrical safety standard for information technology equipment is GB 4943.1 (aligned with IEC 60950-1), enforced through CCC certification. A newer standard GB/T 42315 (aligned with IEC 62368-1) has been published. China uses a 220 V / 50 Hz grid (compatible with Kazakhstan's voltage) but uses Type A and Type I plugs (distinct from Kazakhstan's Type C/F). CCC electrical safety certification to GB 4943.1 does not substitute for EAEU TR EAEU 004/2011 conformity under GOST IEC 62368-1. Chinese plug-form products may require an adapter or plug change for the Kazakhstan Type C/F market.GB 4943.1 — Safety of information technology equipment — Part 1: General requirements (CCC mandatory, aligned with IEC 60950-1) GB/T 42315 — Safety requirements for audio/video, information and communication technology equipment (aligned with IEC 62368-1, adoption timeline to be verified with CNCA) China grid: 220 V / 50 Hz; Plug type A (flat two-pin) and I (oblique flat three-pin) |
Kazakhstan operates on a 220 V / 50 Hz electrical grid and uses Type C and Type F (Schuko-compatible) plugs — the European and Soviet-legacy standard. Electrical safety for electronic and electrical equipment placed on the EAEU market (including Kazakhstan) is governed by TR EAEU 004/2011 'On the safety of low-voltage equipment'. Wireless and IoT consumer devices with mains-connected power supplies are within scope. The applicable safety standard under TR EAEU 004/2011 for audio/video, IT and communication technology equipment is GOST IEC 62368-1 (the EAEU adoption of IEC 62368-1), which has superseded GOST IEC 60950-1. Conformity assessment requires testing by a KazInMetr-accredited or EAEU-accredited safety laboratory and certification by an accredited EAEU conformity assessment body. Chinese products designed for 220 V may have a voltage compatibility advantage, but the plug type (Type A/C in China vs. Type C/F in Kazakhstan) and the certification framework are different and require separate assessment.TR EAEU 004/2011 — Technical Regulation of the Eurasian Economic Union 'On the safety of low-voltage equipment' (Decision of the CU Commission No. 798, 16 August 2011) GOST IEC 62368-1 — Audio/video, information and communication technology equipment — Part 1: Safety requirements (EAEU adoption of IEC 62368-1) Kazakhstan grid: 220 V / 50 Hz; Plug type C (Europlug) and F (Schuko) — CEE 7/4 and CEE 7/5 |
Chinese CCC electrical safety certification (GB 4943.1) does not substitute for EAEU TR EAEU 004/2011 conformity under GOST IEC 62368-1. While China and Kazakhstan both use 220 V / 50 Hz, the plug standard differs (Type A/I in China; Type C/F in Kazakhstan), requiring product adaptation. The conformity assessment must be conducted under the EAEU framework by a KazInMetr-accredited or EAEU-accredited safety laboratory. An EAC certificate covering TR EAEU 004/2011 must be obtained. Products must display the EAC mark covering all applicable EAEU technical regulations (TR EAEU 004/2011 safety, TR EAEU 037/2016 radio, TR CU 020/2011 EMC). The shift from GOST IEC 60950-1 to GOST IEC 62368-1 mirrors the global transition from IEC 60950-1 to IEC 62368-1, but new test reports to the EAEU version are required regardless of prior testing.[INFORMATIONAL] EAC conformity under TR EAEU 004/2011 (electrical safety, GOST IEC 62368-1) is mandatory for mains-powered wireless and IoT devices sold in Kazakhstan. Chinese CCC / GB 4943.1 certification does not substitute. Products must also adapt plug configuration from Chinese Type A/I to Kazakhstan Type C/F. Combined EAC marking covering safety, radio, and EMC technical regulations is required. | Eurasian Economic Commission (EEC) — Decision of the CU Commission No. 7982026-06-17 · reference |
| Local Importer / Authorised Dealer Requirement — Kazakhstan and EAEU | For products sold within China, there is generally no requirement for a separate local importer entity as a condition of CCC certification — Chinese manufacturers can obtain CCC certification directly. For exports, Chinese regulations do not impose a symmetric requirement on the export side. However, for products exported to Kazakhstan, the Chinese exporter must partner with a Kazakhstan-registered importer or authorised dealer who will serve as the EAC certificate holder and OTAU type approval applicant. This is a one-way obligation: the Kazakhstan/EAEU market requires a local entity; China's domestic CCC scheme does not have an equivalent requirement for foreign goods entering China under the same structure.CCC (China Compulsory Certification) — CNCA: Chinese manufacturers apply directly; no local-entity equivalent required for foreign goods entering China under a mirrored structure China Customs — Import/export declarations required but no mandatory local-representative registration equivalent to EAEU declarant requirement |
Under the EAEU conformity assessment framework, an EAC certificate of conformity or declaration of conformity must name a legal entity registered in an EAEU member state (Kazakhstan, Russia, Belarus, Armenia, or Kyrgyzstan) as the declarant or certificate holder. A non-EAEU manufacturer (such as a Chinese OEM or brand) cannot hold an EAC certificate directly — it must appoint an EAEU-registered importer, authorised representative, or local dealer to act as the declarant. In Kazakhstan specifically, the importer must be registered with the State Revenue Committee (customs registration) and may also be required to register the product with relevant authorities for certain categories. The local importer bears legal responsibility for the conformity of the product with applicable EAEU technical regulations and for any market-surveillance obligations. For OTAU type approval, a Kazakhstan-registered legal entity must also act as the applicant or approval holder. Distributors acting as importers must maintain technical documentation and conformity records for inspection by the relevant state control bodies.EAEU Treaty on the Eurasian Economic Union (2014) — establishes the EAEU single market and conformity assessment framework requiring an EAEU-registered declarant Decision of the EEC Council No. 41 (2013) — Unified list of products and conformity assessment forms under the EAEU Law of the Republic of Kazakhstan No. 567-II 'On Communications' (as amended) — requires a Kazakhstan-registered entity as OTAU type approval applicant |
A Chinese manufacturer or brand cannot hold an EAC certificate directly and cannot be the OTAU type approval applicant in Kazakhstan. A Kazakhstan-registered (or other EAEU-registered) legal entity must be established or appointed as the local importer, authorised representative, or distributor. This entity assumes legal liability for conformity, market surveillance, and post-market obligations. This is a structural gap requiring commercial and legal setup before products can enter the Kazakhstan market — it is not a gap that can be closed by product testing or documentation alone. Cost and timeline for establishing or finding a local importer should be factored into Kazakhstan market entry planning.[INFORMATIONAL] A Chinese manufacturer cannot hold an EAC certificate or OTAU type approval directly. A Kazakhstan-registered (or other EAEU-registered) local importer or authorised representative is mandatory and bears legal responsibility for product conformity. This commercial-legal setup must be arranged before Kazakhstan market entry and cannot be substituted by product testing or certification alone. | Eurasian Economic Commission (EEC)2026-06-17 · reference |
| OTAU Radio Type Approval — Kazakhstan Telecom Terminal Equipment | Chinese wireless devices are subject to SRRC (State Radio Regulatory Commission of China) radio type approval for radio transmission modules and equipment, administered under MIIT. Devices using Wi-Fi, Bluetooth, and other radio frequencies must obtain an SRRC approval number before sale in China. Terminal equipment (routers, modems, cellular devices) additionally requires a MIIT Network Access License (NAL). Chinese SRRC approval and NAL are not recognised by OTAU and do not substitute for Kazakhstan type approval. Test data generated to Chinese standards (GB 15629.11 for Wi-Fi, YD/T series for cellular) may in some cases be referenced in OTAU submissions but full re-evaluation by a KazInMetr-accredited laboratory is typically required.SRRC Radio Type Approval — State Radio Regulatory Commission of China (MIIT), mandatory for radio transmission equipment sold in China MIIT Network Access License (NAL) — Ministry of Industry and Information Technology, mandatory for telecom terminal equipment sold in China GB 15629.11 — Information technology — Telecommunications and information exchange between systems — LAN/MAN (Wi-Fi, WLAN) |
All radio and telecommunications terminal equipment placed on the Kazakhstan market must obtain type approval from OTAU (the telecom regulatory arm of the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan, formerly operating as RCC / KICS). OTAU type approval is a Kazakhstan-specific requirement separate from and additional to the EAEU-wide EAC conformity marking. Applicants must submit technical documentation, test reports from accredited laboratories (including KazInMetr — the Kazakh Institute of Metrology), and a conformity declaration. Approved devices receive a registration number issued by OTAU. Wi-Fi (2.4 GHz and 5 GHz), Bluetooth, Zigbee, Z-Wave, cellular, and other radio-frequency devices are all within scope. The approval must be in place before the product is imported and sold in Kazakhstan.Law of the Republic of Kazakhstan No. 567-II 'On Communications' (as amended) — establishes mandatory type approval for telecom terminal and radio equipment Rules on Type Approval of Telecommunications Equipment — approved by the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan OTAU (formerly RCC / KICS) — Radiofrequency Spectrum Management Committee under the Ministry of Digital Development |
Chinese SRRC approval and MIIT NAL are not recognised by OTAU and cannot be used as substitutes for Kazakhstan type approval. A separate OTAU type approval application must be filed in Kazakhstan, supported by test reports from a KazInMetr-accredited laboratory. The OTAU process evaluates spectrum use, radio parameters, and conformity with Kazakhstan national and EAEU technical requirements. Products sold in Kazakhstan without valid OTAU type approval are subject to market withdrawal, customs seizure, and administrative penalties. Timeline for OTAU type approval varies but is typically 2–4 months depending on product complexity and submission completeness.[INFORMATIONAL] OTAU type approval is mandatory for all Wi-Fi, Bluetooth, cellular, and IoT radio devices sold in Kazakhstan. Chinese SRRC approval does not substitute. A dedicated OTAU application with KazInMetr-accredited test reports is required. This approval is in addition to (not instead of) the EAEU-wide EAC conformity marking. | OTAU — Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan2026-06-17 · reference |
E-E-A-T
Named editorial review
Pending named reviewer
Official regulator, standards body, notified body, customs, or primary legal source preferred. Local PDFs are not accepted.
Editorial controlsRows must include publisher, official URL, access date, verification flag, and last_verified before human_reviewed can be true.
SOURCES
Official-source register.
- Ministry of Justice of the Republic of Kazakhstan — Law on Personal Data and Protection Thereof · accessed 2026-06-17 · reference · used in 1 rows
- Eurasian Economic Commission (EEC) — Decision of the EEC Council No. 38 · accessed 2026-06-17 · reference · used in 1 rows
- Eurasian Economic Commission (EEC) — Decision of the CU Commission No. 879 · accessed 2026-06-17 · reference · used in 1 rows
- Eurasian Economic Commission (EEC) — Decision of the CU Commission No. 798 · accessed 2026-06-17 · reference · used in 1 rows
- Eurasian Economic Commission (EEC) · accessed 2026-06-17 · reference · used in 1 rows
- OTAU — Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan · accessed 2026-06-17 · reference · used in 1 rows