FCC Proposes to Revamp Equipment Authorization Rules, Again

Changes will update policies and procedures to accommodate developing technologies.

Among the FCC's many functions is one known to a small community of technical experts - and, of course, CommLawBlog readers: the equipment authorization program. These procedures seek to ensure that devices capable of emitting radio-frequency energy comply with the FCC's requirements as to frequency, power, and other technical properties.

The program is essential to harmony in the radio spectrum. Take your cell phone, for example. It transmits on frequencies set aside for your cell carrier. But suppose a particular model of cell phone has a design defect that causes it also to transmit on, say, the frequencies used by public safety responders. A police officer trying to summon an ambulance could find his two-way radio overpowered by nearby cell phones.

To prevent this kind of thing, the FCC writes detailed technical rules that govern the operation of devices that, in normal operation, emit radio waves; and it establishes and oversees the equipment authorization procedures that manufacturers and importers must follow to establish compliance with those rules.

These procedures, in one form or another, are almost as old as the FCC. For most of that history, they changed very slowly. But over the last 30 years, as small radio transmitters became inexpensive, ubiquitous, economically important, and increasingly sophisticated, the FCC has updated the procedures more frequently. The updates tend to be cyclical: the procedures become more elaborate over several years, then simpler, then more elaborate again. We are presently in a becoming-simpler phase. With the industry still adjusting to recently-adopted changes, the FCC has issued a detailed, 89-page Notice of Proposed Rulemaking (NPRM) to lay out the next round.

We can present only a rough summary here. People who deal with the procedures professionally know the details matter, and will want to give the full NPRM a careful review.

IMPORTANT: For an NPRM of this scope and complexity, the comment periods are brutally short. First-round comments are due just 30 days after publication in the Federal Register, and reply comments 15 days after that. While they haven't yet appeared in the Register, that could happen at any time. (Check back here for updates.) If equipment authorization is important to you or your company, we urge you to start your review early.

Consolidating Procedures
There are currently three equipment authorization procedures, variously applicable to devices capable of causing harmful interference in the spectrum, in descending order of risk:

Certification, the most rigorous procedure, requires extensive testing of the candidate device by an accredited laboratory. The results go for review to a Telecommunications Certification Body (TCB), which is empowered to issue certifications on behalf of the FCC. The device must be labeled with an FCC ID number that keys to the device's compliance information on the FCC website. Other labeling is also required.

Declaration of Conformity (DoC) requires compliance testing in an accredited lab, but the results need not be reviewed by anyone. Devices must labeled with an FCC logo. There are requirements for creating and maintaining paperwork, and for providing paperwork to end purchasers.

Verification is similar to DoC except the test lab need not be accredited, and the labeling and paperwork obligations are simpler.

The FCC proposes to consolidate the DoC and verification procedures into a single procedure to be called a Supplier's Declaration of Conformity (SDoC). Testing would not require an accredited lab, but current DoC paperwork requirements would remain in place. Labeling would follow the present verification rules.

Modular Transmitters
The manufacturer of a radio-connected device will often purchase the radio units from someone else. A tablet computer, for example, may incorporate Wi-Fi and Bluetooth components made by other companies. Since 2000, the FCC has allowed the manufacturer of a radio component to obtain a "modular certification" for just that component. The tablet manufacturer can then build in the radio without having to certify the tablet itself.

The regime has been a commercial success, although the implementation has been irregular. Ordinarily we would look to the FCC rulebook for information on modular certifications and the like. The law generally requires provisions of this kind to go through a rulemaking procedure. Nevertheless, the FCC first authorized modular certifications in 2000 not by rule, but through a public notice issued by the Office of Engineering and Technology (OET). It was not until 2007 that the FCC codified the same principles into a rule. Beginning in 2011, though, the FCC issued successive versions of an entry in OET's Knowledge Database (KDB) that significantly altered the scope of that rule. The present NPRM now seeks to again update the rules to conform to the KDB.

A quick aside: The lawyers can argue about whether rule-amendment-by-public-notice is entirely consistent with the Administrative Procedure Act. But it is vitally important that the FCC's policies and procedures keep up with developments in technology. Sometimes rule changes take too long; in those cases, public notices and waivers give the FCC alternative ways to let industry to move ahead quickly. The KDB, though, is a far less suitable vehicle. Its central purpose is to provide guidance to manufacturers, test labs, and TCBs on arcane questions relating to compliance testing, labeling, and the like. Public notices and most waivers appear in the FCC's Daily Digest, and thus are easily available to anyone interested, but there is no routine public notice of new or revised KDB entries. Industry insiders know to subscribe to a KDB RSS feed, but others may remain unaware of policy changes that could benefit them.

The 2007 rule on modular transmitters appears in Part 15 of the FCC rules, which governs unlicensed devices. The KDB entry allows limited use in the licensed services as well. The NPRM proposes to follow the KDB by moving the modular transmitter rules out of Part 15 so they can apply to any kind of transmitter that qualifies, whether licensed or not, and to transfer other provisions of the KDB entry into the rules as well, with some changes. The most important of these would require applicants to show that no feasible combination of modular transmitters in a single device would together exceed the FCC's RF exposure limits.

Software Defined Radios
In FCC parlance, a software defined radio (SDR) is a radio-based device (1) whose performance characteristics such as frequency, power, and modulation are controlled by software (2) that can be remotely changed, usually by the manufacturer or service provider. Virtually all modern radios meet part (1) of the test. A typical cell phone has hundreds of thousands of lines of software code to enable its basic functions, plus potentially millions more in the apps. While some properties of a cell phone can be updated remotely, changing its basic operating characteristics usually requires a hardware modification. For example, replacing the SIM card in some phones can change a U.S. CDMA handset into a GSM handset that operates on European standards and frequencies. If that same change could happen without swapping the SIM card, under software downloaded from afar, the phone would have to be certified as an SDR.

The FCC has allowed the certification of SDRs since 2001, subject to special rules intended to protect devices from unlawful downloads. The advantage to an SDR is the ability to download changes that, in a non-SDR, would need a new certification, but which are allowed in an SDR under simpler procedures. But there is a disadvantage as well. If the SDR manufacturer has made certain hardware changes - which can be quite minor - then subsequent software changes that alter the operating characteristics do require a new certification. This can be a deal-breaker for devices in mass production, as hardware changes are all but inevitable in the course of a long production run. Because these can make later software changes more onerous, many manufacturers choose to avoid identifying their products as SDRs, and thus forgo the advantages of making fundamental changes through remote software updates.

The FCC proposes to resolve this problem by dropping the SDR designation. All certification applications for radios that operate under control of software - not just FCC-defined SDRs - will have to explain the security measures that prevent unauthorized software changes. For most devices, we expect this will take the form of a stock paragraph in the application. Radios that previously would have been called SDRs will be free to make hardware changes like any others.

Changes to Certified Equipment
The current regime lays out four kinds of changes to certified devices:

A modification that does not increase the emissions the FCC relied on in granting the certification is a Class I change and does not require a filing with the FCC.

A modification that does increase any of those emissions, but still stays within FCC limits, is a Class II change; it requires a filing and FCC approval, but not necessarily a new certification.

A software change to an SDR that changes its operating parameters is a class III change and likewise requires a filing and approval (but not a new certification).

A non-SDR change to "the basic frequency determining and stabilizing circuitry (including clock or data rates), frequency multiplication stages, basic modulator circuit or maximum power or field strength ratings" requires a new certification.

These categories worked reasonably well in the old days of radios assembled from discrete hardware components. They make less sense now, when most radios are built from chips under software control. The FCC proposes to expand the Class II category to cover a "family of products" which can include variations that today would require a new certification. The scope of modifications that do require a new certification would be narrowed to "significant changes in the design, layout or functionality." We expect these concepts will receive further clarification as time goes on.

Responsible Party
Each certified device has a party responsible for keeping it in compliance. Initially this is the certification grantee - usually the manufacturer, but not always.

The advent of software-controlled radios, modular certifications, and other innovations have made it harder to identify the appropriate responsible party. The FCC proposes to adopt several clarifications.

Certified modular transmitters: A modular transmitter may specify certain constraints that must be observed for its certification to be valid. Typically these relate to the antenna, power supply, shielding, etc. A problem arises when the manufacturer of a host device installs a modular transmitter without adhering to the constraints. For those cases, the FCC proposes to have the manufacturer of the host apply for a new certification of the completed device, and become the responsible party. Alternatively, the maker of the modular transmitter can submit a new certification application that covers installation in the particular host device, and remain the responsible party.

Modifications by third parties: Today third parties can market a device, and even modify it, with the responsible party's permission. A third party that modifies the device without permission becomes the responsible party for the modified version. The NPRM's proposals would require a third party making changes without permission to obtain a new certification. If the responsible party consents to the change, it remains responsible for the new version. These principles would apply to both hardware and software changes.

Repair and refurbishment: The current rules do not specifically address repaired and refurbished devices. If work on the device keeps it within the original specifications, today there is no regulatory consequence. If the device no longer remains within those specifications, the present rules treat the repair or refurbishment as a modification in one of the four categories above. The proposed rules would add more rigor: a person carrying out the repair or refurbishment without permission of the original grantee will have to obtain a new certification and become the responsible party for the repaired or refurbished version - regardless of whether the device still conforms to the original specifications. Replacement of parts that do not affect device compliance, such as batteries, hard drives, or memory, doesn't count. We expect push-back on this proposal from the companies that make a business of refurbishing and reselling used electronic devices. But the people at the shopping mall who fix cracked cell phone screens will probably not be affected.

Imported devices: A large fraction of FCC-regulated devices sold in the United States are manufactured overseas. Today the responsible party, who is often the manufacturer, may likewise be overseas. This raises problems for the FCC when it finds a device on the U.S. market to be noncompliant. The proposed rules would require the certification application to include the contact information of a U.S. party responsible for compliance. A different problem arises when an overseas company ships a noncompliant product, such as a cell phone jammer, directly to a U.S. customer. The FCC can presently charge the seller with unlawful marketing and the U.S. buyer with unlawful operation. The proposed rules would add potential charges of illegal importation against both the seller and the buyer.

Other Proposals
A number of additional proposed changes are largely procedural. While important to people who deal with the rules professionally, they will have little effect on the rest of us. These include:

• streamlining the information required in certification applications;
• barring applications for certification, and updates to applications, when not required by the rules;
• codifying existing procedures for short-term confidentiality of materials in a certification application (in 45-day increments up to 180 days);
• making automatic, without need for justification, the permanent confidentiality of certain exhibits in an application;
• setting the "release date" of a certification grant (and hence starting the 30-day clock for seeking review) as the date the grant appears on the FCC website;
• expanding the permitted use of electronic labeling;
• updating certain measurement procedures;
• simplifying the paperwork for importation of FCC-regulated devices;
• modifying the need to store devices that are imported for re-export in bonded warehouses;
• increasing the number of non-certified devices that can be imported for demonstration at trade shows;
• eliminating the exemption of certain device categories from the importation requirements;
• expanding the rule that allows the importation of up to three devices for personal use to include devices in the licensed services as well as those presently allowed for unlicensed use; and
• deleting some rule sections and rearranging others so as to sensibly incorporate the above proposals.

There is a lot here to digest and not much time. We will post the comment and reply dates when they are announced.