What serialization is
Serialization is the assignment of a unique identifier to every shipped device. The identifier might be a:
- Serial number (your scheme)
- MAC address (IEEE OUI assigned)
- UID from the chip silicon
- Combination
Every shipped unit has a unique identifier that maps back to its production batch, firmware version, test results, and provisioning data.
Without serialization
A connected device without serialization is a faceless unit in a fleet. Operations cannot:
- Track which units have which firmware version
- Apply security updates selectively
- Honor warranty by serial
- Investigate field failures by lot
- Comply with regulatory tracking obligations
Field failures and security incidents become harder to investigate. Warranty becomes blanket-cost rather than serial-specific.
CRA expectations
The Cyber Resilience Act expects manufacturers to know what they shipped and to support security updates over the device lifetime. This requires per-unit identity tied to firmware version.
Without serialization, the CRA obligations are difficult to discharge.
What good serialization looks like
- Unique identifier per unit, never reused
- Identifier assigned at production, not in the field
- Identifier physically labeled on the device (DataMatrix, QR, or printed serial)
- Identifier electronically readable (over UART, USB, or wireless)
- Production database links identifier to firmware hash, batch, test result, provisioning data
- Identifier survives the device lifetime (no rotation, no reuse)
Identifier choices
Serial number (your scheme): simplest, but you have to design it. Common pattern: country code + product code + year + sequence (e.g., EUDV2407-000123).
MAC address: IEEE OUI is assigned to the manufacturer, then internal sequence allocates per-device MACs. Useful for devices with Ethernet or Wi-Fi. MAC address is unique, structured, and globally-recognized.
Chip UID: most modern chips have a unique factory-assigned UID. Unique, but not under your control and may not survive chip family migration.
Combination: serial + MAC + UID logged together gives multiple ways to identify a unit.
Labeling
The serial appears on the device:
- Printed (basic)
- 1D barcode
- 2D barcode (QR or GS1 DataMatrix, preferred for industrial)
Label material survives the device lifetime: polyimide for boards, polyester for finished products.
Label placement is on the assembly drawing. After final test, before pack.
Production logging
Per unit, log:
- Serial
- MAC, UID, or other identity
- Board batch and lot
- Component lot for critical components
- Firmware version and hash
- Provisioning timestamp and certificate fingerprint
- Test result vector
- Final QC pass timestamp
- Shipment batch and date
This is the audit trail that supports warranty, security updates, and regulatory compliance.
Common pitfalls
- Serials issued by the manufacturer but not reported to the buyer
- Serials reused across batches (not unique)
- Serial label placed before final test (mislabeled rework risk)
- Serial label material that fades or peels in the field
- Serial logged in production but not exported to the buyer
- No link between serial and firmware version
What to ask your manufacturer
- "What identifier scheme do you support?"
- "Can the identifier scheme be ours, or is it yours?"
- "How is the per-unit data exported to us?"
- "What is the retention policy for production data?"
- "Can I query by serial 5 years from now?"
The answers should be specific.