Risk Assessment for EU and UK Compliance

Risk Assessment for EU and UK Compliance image #1

13 Nov 2023

  • Manufacturers
  • Authorised Representatives
  • Importers
  • Distributors

Since 2016, manufacturers of products [1] declared compliant with ‘CE-marking’ EU Directives [2] have been legally required to include adequate risk assessments [3] in their Technical Documentations [4].

Remember: Creating a product’s Technical Documentation is a precondition for affixing the CE marking to it. 

Also since 2016, Authorised Representatives, Importers, and Distributors have been legally required to cooperate with the relevant competent national authorities, as regards any risks posed by the products that pass through their hands.

There’ll be many compliance experts at EMC+CI 2024 at Newbury Racecourse on May 23-24 2024, so why not meet them there and discuss what to do for the best? www.emcandci.com  

Here are some relevant links with regard to the risks of EMC compliance [5], but all of these EU Directives have the same/similar requirements.

 
i)          TGN 37 “Guidance for a Risk Assessment under Annex III of Directive 2014/30/EU”, from the EU Association of Notified Bodies (EUANB): http://www.redca.eu/EUANB%20Documents/EUANB%20TGN%2037%20Risk%20Assessment.pdf    
 
ii)         An article on the EU’s Guide to the EMCD by Alex Martin of RINA: https://incompliancemag.com/article/the-european-commissions-latest-emc-directive-guidance/
 

See section 4.3 on Technical Documentation, on page 46, where it states (my underlining):

 
“Furthermore, the requirement for an “adequate analysis and assessment of the risk(s)” does not oblige the manufacturer to conduct an additional risk assessment or to draw up additional documentation when he has applied harmonised standards, the development of which is based on an assessment of the relevant risk(s). Manufacturers may base their assessment on harmonised standards, which already include the risk analysis, but only as far as the risks are covered by that standard.” [6]
 
See Part 3 of Annex II, which states (my underlining):
 
“3. Technical documentation
The manufacturer shall establish the technical documentation. The documentation shall make it possible to assess the apparatus conformity to the relevant requirements, and shall include an adequate analysis and assessment of the risk(s).” [3]
 
v)         The UK’s Electromagnetic Compatibility Regulations 2016: https://www.legislation.gov.uk/uksi/2016/1091/pdfs/uksi_20161091_en.pdf

See page 28, where it says (my underlining):

 
“Technical documentation
4. The manufacturer must establish the technical documentation. The documentation must make it possible to assess the conformity of the apparatus to the relevant requirements, and must include an adequate analysis and assessment of the risks.” [3]

 

Trying to ‘unpack’ the above… 
 
[1]       ‘Product’
I’ve used the word ‘product’ in this blog because it is used in the EU’s Blue Guide.
 
It is important to understand that – according to the Blue Guide – this means every individual unit of production that is placed on the EU market. 
In other words, it does not matter when the product was designed or declared EU compliant, it must be compliant on the date when it was placed on the EU market.
 So, this applies to goods that have been in storage, perhaps for years; and also to pre-owned goods when they are imported into the EU.

I’ve assumed that this concept can be extended to UK/NI markets because – before BREXIT – the UK laws requiring UKCA or UKNI marking were based upon the definitions in the Blue Guide and, at least at the time of my writing this blog, I am not aware that these definitions have been changed. 
 
[2]       This blog discusses EU Directives that require the CE marking to be affixed to products, but – as of the end of August 2023 – applies equally to:
  • any EU Regulations that have replaced, or will soon replace, these Directives – including Medical Devices, Machinery Safety, etc.;
  • all UK Regulations equivalent to the above, with their UKCA and UKNI markings.
 
[3]       “….an adequate analysis and assessment of the risk(s)….”
The word ‘adequate’ is not defined in the Blue Guide, but both https://www.merriam-webster.com/dictionary/adequate and    https://dictionary.cambridge.org/dictionary/english/adequate say it means: “enough or satisfactory for a particular purpose”.
 
I take this to mean that “an adequate analysis and assessment of the risk(s)” is one that is enough or satisfactory for the purpose of managing the risks of complying with the applicable EU Directives, as required by those Directives. [5]
 
In my professional opinion: for a risk analysis and assessment to be ‘adequate’, ‘enough’ or ‘sufficient’, it must cover all reasonably foreseeable risks.
 
Then – if an accident happens or a risk otherwise becomes evident during the ownership, use or operation of a product, the courts would have to determine whether it was reasonable to expect it to have been foreseeable by anyone in the supply chain, from the manufacturer on down, if they all had access to the competencies required for discharging their responsibilities.
 
If the risk should have been reasonably foreseeable by anyone in the supply chain, from the manufacturer on down (if they all had access to…etc., as above), I would expect the courts to find the product’s risk analysis and assessment to have been inadequate.
In this situation, the manufacturer and/or anyone in the supply chain could be said to have been at fault regarding the risk analysis and assessment in the product’s Technical Documentation [4].
 
But if the risk could not have reasonably been foreseen by anyone in the supply chain, from the manufacturer on down (if they all had access to…etc., as above), I would expect the courts to find that the risk analysis and assessment in the product’s Technical Documentation [4], was adequate, even where an accident had occurred.
 
However, even where a  defendant’s risk analysis and assessment in their product’s Technical Documentation is considered to be adequate, they might still be liable to make financial payments to plaintiffs because the Product Liability Directive does not require that failure or fault be established.
 
This is known as ‘No Fault Liability’ – and I understand that case law under safety regulations has been tending to apply the same principles, at least in the UK.
 
[4]       “Technical Documentation”
The documents that are necessary for declaring compliance to the applicable CE-marking EU Directives [2], as specified in those Directives.
 
[5]       The risks of EMC compliance?
The EU’s EMC Directive EMC has nothing to do with safety – because it clearly states in its text (as it always has in previous versions) that it only applies to its Essential EMC Requirements, and that all safety issues are covered by other EU or UK/NI legislation, such as the LVD, Machinery, and Medical Device Directives.
 
To be clear: if a consequence of not being EMC compliant was that a module, subassembly, product, equipment, system, installation, etc., caused or suffered EMI that resulted in injury, death, or financial loss – if the actual injury, death, or financial loss was prosecuted this should not be under the EMC Directive [2].
 
Please remember that the Product Liability Directive and/or General Product Safety Regulations (which will soon replace the General Product Safety Directive, see https://incompliancemag.com/article/the-eus-new-product-safety-law-will-be-a-game-changer/) might apply instead/as well, but they both stand apart from the ‘CE-marking’ Directives [2].
 
To help you decide what to do in the situation where a product could reasonably foreseeably cause or suffer EMI that resulted in injury, death, or financial loss, please see: https://www.emcstandards.co.uk/legal-requirement-for-em-resilience-for-electro
 
[6]       “…but only as far as the risks are covered by that standard.” 
This is defined as meaning only as far as the risks are covered: by an Annex ZZ in that standard that covers the Essential Requirements of the Directive concerned.
 
What is Annex ZZ?
 
It used to be thought by many that complying with the EMC Directive (and most other “CE-marking” Directives) only required passing tests to all relevant harmonised standards whose references had been published in the Official Journal of the EU (OJEU, https://www.ojeu.eu/WhatIsTheOJEU.aspx).
 
However, those standards did not state which aspects of the Directives’ Essential Requirements they addressed, or to what extent they covered them. Totally unhelpful for anyone trying to apply them in a risk analysis and assessment!
 
So, since the current crop of “CE-marking” Directives and Regulations was published during or after 2014, the European Commission has insisted that it will only list new and updated harmonised standards in the OJEU if they include new Annex ZZs on “the Relationship between this European standard and the essential requirements of Directive <<insert designation here>>  aimed to be covered”.
 
An example:
EN 61000-3-3:2013+A2:2021, “EMC. Limitation of voltage changes, voltage fluctuations and flicker in public low-voltage supply systems, for equipment with rated current ≤ 16 A per phase and not subject to conditional connection”, includes two Annexes of the ‘ZZ’ type:
  • Annex ZZA covers the use of this standard when completing a risk analysis and assessment under 2014/30/EU, i.e. the EMC Directive, EMCD.
  • Annex ZZB  covers its use when completing a risk analysis and assessment under 2014/53/EU, i.e. the Radio Equipment Directive, RED.
Note: As you might expect, adding Annex ZZs to all the standards that require them has created a massive amount of work for the standards writers!
In fact, this is the main reason why the listing of harmonised standards in the OJEU is lagging so far behind the pace of the progress in the standards committees themselves (IEC, ISO, ETSI, etc.).
 
This delay means that manufacturers are increasingly having to test their products for compliance to the latest versions of IEC standards, instead of the older, unsuitable versions currently listed in the OJEU.
 
It is actually perfectly OK for an EU Declaration of Conformity to not list all the relevant harmonised standards whose references are published in the OJEU – but this is a topic for a different blog!
 
In my professional opinion, the statement in the EU’s Blue Guide, see iii) above:
“Manufacturers may base their assessment on harmonised standards, which already include the risk analysis, but only as far as the risks are covered by that standard.” …actually means that manufacturers have the option of basing their risk analyses and assessments on harmonised standards that already include Annexes of type ZZ that cover the Essential Requirements of the Directive the manufacturer aims to declare compliance to.
Sadly, in November 2023, the list of such harmonised standards is very short.  
 
In my view, it is important to understand that manufacturers should only do this to the extent that the harmonised standards actually cover the Essential Requirements!
 
We should never assume that any standard with an Annex of type ZZ to a certain Directive covers all of that Directive’s Essential Requirements that appear in our product’s risk analysis. We should always check!
 
This is a very different scenario indeed, from the ‘good old days’ of simply sending products for testing to the minimum set of harmonised standards; modifying them until they pass; filing their test certificates, completing their EU Declarations of Conformity, affixing their CE markings, and making them available on the EU market.
 
Completing the risk analyses and assessments that are now needed for EU and UK/NI compliance requires actions to be taken by the manufacturer that go way beyond the responsibility and knowledge of any test laboratory.
 
 
 
 
 

« Back to Blog