Part 15 - Rules for unlicensed radio

FCC Part 15: Unlicensed Radio Devices Explained

Table of Contents

What Is FCC Part 15?

Part 15 of Title 47 of the Code of Federal Regulations is the section that makes modern wireless technology possible without individual operator licenses. Every WiFi router in your home, every Bluetooth earbud, every wireless keyboard, every baby monitor, and every garage door opener operates under Part 15 rules.

Before Part 15 created the framework for unlicensed operation, using radio frequencies required an individual license from the FCC. You needed a license to operate a radio transmitter, similar to how you need a license to operate a broadcast TV station today. Part 15 carved out specific frequency bands and power levels where devices could operate without individual licenses - provided the devices themselves met certain technical requirements.

The "unlicensed" label refers to the operator, not the device. You do not need a personal license to use a Part 15 device. But the device itself must be authorized by the FCC through testing and certification before it can be legally marketed in the United States.

Part 15 rules apply to two categories of devices: those that intentionally transmit radio signals (intentional radiators) and those that emit radio signals as a byproduct of their operation (unintentional radiators). The BLEShark Nano, with its WiFi and BLE transceivers, falls firmly in the intentional radiator category.

Part 15 Subparts - Intentional vs Unintentional

Part 15 is divided into several subparts, each covering different types of devices:

Subpart A - General Provisions: Definitions, administrative requirements, conditions of operation, and the fundamental operating rules that apply to all Part 15 devices.

Subpart B - Unintentional Radiators: Covers devices that generate and use RF energy internally but are not designed to emit it. Computers, monitors, LED light bulbs, and power supplies fall into this category. These devices inevitably leak some RF energy through circuit traces, cables, and enclosures. Subpart B limits how much leakage is acceptable.

Subpart C - Intentional Radiators: Covers devices specifically designed to transmit RF energy. WiFi adapters, Bluetooth modules, Zigbee radios, and remote controls are intentional radiators. This subpart defines the frequency bands, power limits, and modulation requirements for these devices.

Subpart D - Unlicensed Personal Communications Service (UPCS): Covers specific devices in the 1920-1930 MHz band, primarily used by older cordless phones.

Subpart E - Unlicensed National Information Infrastructure (U-NII): Covers devices in the 5 GHz bands used for WiFi 5 GHz and WiFi 6E. Includes specific requirements for Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC).

graph TD
    subgraph "Part 15 Structure"
        A[FCC Part 15] --> B[Subpart A - General Provisions]
        A --> C[Subpart B - Unintentional Radiators]
        A --> D[Subpart C - Intentional Radiators]
        A --> E[Subpart D - UPCS 1.9 GHz]
        A --> F[Subpart E - U-NII 5 GHz]
        C --> G[Computers, Monitors, LEDs]
        D --> H[WiFi, Bluetooth, Zigbee]
        D --> I[Remote Controls, Key Fobs]
        F --> J[WiFi 5 GHz Channels]
        F --> K[WiFi 6E - 6 GHz]
    end

Part 15 subparts and the device categories each one covers

The Two Fundamental Rules

Every Part 15 device must comply with two non-negotiable rules, stated in Section 15.5:

Rule 1 - Accept All Interference: "The operator of an intentional or unintentional radiator shall be required to cease operating the device upon notification by a Commission representative that the device is causing harmful interference." Additionally, Part 15 devices "shall accept any interference received, including interference that may cause undesired operation."

This means your WiFi network has zero legal protection against interference from other Part 15 devices. If your neighbor's WiFi, baby monitor, or microwave oven interferes with your network, you have no regulatory recourse. Part 15 devices occupy shared spectrum on a non-interference, non-protected basis.

Rule 2 - Cause No Harmful Interference: A Part 15 device "may not cause harmful interference." Harmful interference is defined as interference that "seriously degrades, obstructs, or repeatedly interrupts a radiocommunication service operating in accordance with the Radio Regulations."

This second rule is where things get interesting for security tools. Deliberately interfering with WiFi networks - even other Part 15 networks - arguably violates this rule. The FCC has enforced this interpretation against hotels and conference venues that deliberately jammed personal hotspots.

Transmit Power Limits by Band

Part 15 sets specific power limits for different frequency bands. The limits are expressed in two ways:

Conducted power: The RF power measured at the antenna connector, before the antenna adds gain.

EIRP (Effective Isotropic Radiated Power): The total radiated power including antenna gain. This represents the actual signal strength in the direction of maximum antenna gain.

For the 2.4 GHz ISM band (Section 15.247):

  • Conducted power: 1 Watt (30 dBm) maximum
  • With antenna gain: For every 1 dB of antenna gain above 6 dBi, conducted power must be reduced by 1 dB
  • Maximum EIRP with standard antenna: 4 Watts (36 dBm)
  • Point-to-point links with directional antennas: Higher EIRP allowed under certain conditions

For the 5 GHz U-NII bands (Subpart E):

  • U-NII-1 (5.15-5.25 GHz): 1W EIRP maximum, indoor use only (was 200mW before 2014 rule change)
  • U-NII-2A (5.25-5.35 GHz): 1W EIRP, DFS required
  • U-NII-2C (5.47-5.725 GHz): 1W EIRP, DFS required
  • U-NII-3 (5.725-5.85 GHz): 4W EIRP

The BLEShark Nano's ESP32-C3 operates at roughly 21 dBm (125 mW) maximum transmit power in the 2.4 GHz band - about one-eighth of the legal conducted power limit. Portable battery-powered devices typically operate well below the maximum allowed power to conserve battery life.

graph TD
    subgraph "2.4 GHz Power Budget"
        A[Transmitter Output] -->|Max 30 dBm / 1W| B[Antenna Connector]
        B -->|Cable Loss| C[Antenna Input]
        C -->|Antenna Gain up to 6 dBi| D[Radiated Signal]
        D -->|Max 36 dBm / 4W EIRP| E[Over the Air]
    end
    subgraph "BLEShark Nano Actual"
        F[ESP32-C3 Output] -->|21 dBm / 125 mW| G[PCB Antenna]
        G -->|Low Gain| H[Radiated Signal]
        H -->|Well Under Limits| I[Short Range]
    end

Legal power limits vs actual BLEShark Nano output - well within regulatory bounds

Certification Types - SDoC vs Certification

Part 15 defines two paths for equipment authorization:

Supplier's Declaration of Conformity (SDoC): For lower-risk devices, primarily unintentional radiators (Subpart B). The manufacturer or importer tests the device (or has it tested) and declares conformity. No FCC review is required. This is similar to the EU's CE marking self-declaration model.

Certification: For higher-risk devices, primarily intentional radiators (Subpart C and E). The device must be tested by an FCC-accredited Telecommunication Certification Body (TCB). The TCB reviews the test results and issues an FCC ID. The FCC ID is listed in the public FCC Equipment Authorization database.

WiFi and Bluetooth devices - including the BLEShark Nano - require full Certification with an FCC ID. The testing covers conducted power, radiated emissions, spurious emissions, occupied bandwidth, frequency stability, and band edge compliance.

What Happens When You Violate Part 15

The FCC's Enforcement Bureau handles Part 15 violations. Enforcement actions can include:

Warning letters: For first-time or minor violations, the FCC may issue a citation or warning letter requiring corrective action.

Fines (forfeitures): The FCC can impose fines for Part 15 violations. Individual fines can reach $100,000 or more per violation, with total forfeitures potentially reaching millions for ongoing violations.

Equipment seizure: The FCC can seize non-compliant equipment. This applies both to manufacturers selling uncertified devices and to operators using devices that cause harmful interference.

Injunctions: The FCC can seek federal court injunctions to stop the sale or operation of non-compliant equipment.

Notable enforcement cases include Marriott International, which was fined $600,000 in 2014 for deliberately jamming personal WiFi hotspots at the Gaylord Opryland Resort. The FCC's position was clear: deliberately interfering with WiFi signals violates Part 15, regardless of whether you own the premises.

Deauthentication and Part 15 Ambiguity

WiFi deauthentication sits in a legally ambiguous space under Part 15. Deauth frames are technically valid IEEE 802.11 management frames - they are part of the WiFi protocol specification. A device sending deauth frames is transmitting a legitimate WiFi frame type within the legal power limits of the 2.4 GHz or 5 GHz band.

However, the purpose of a deauth attack is to disconnect clients from an access point - effectively disrupting their wireless communication. The FCC's enforcement against Marriott and similar cases established that deliberately disrupting WiFi communications constitutes harmful interference under Part 15, even when the interfering signal is itself a valid WiFi frame.

The ambiguity arises because the FCC's enforcement focused on the intent and effect (disrupting communications) rather than the technical mechanism (sending valid WiFi frames). A deauth frame sent to test your own network is technically identical to one sent to disrupt someone else's network. The legality depends on authorization and intent, not on the radio signal itself.

This ambiguity is one reason the BLEShark Nano's EU firmware disables deauthentication entirely - the EU's regulatory framework treats active interference more strictly than the US does, and removing the feature eliminates the compliance question.

Conclusion

FCC Part 15 is the foundation that makes unlicensed wireless technology work. Its rules are straightforward: stay within the power limits, accept interference from others, and do not cause harmful interference yourself. The certification process ensures that devices meet these technical requirements before reaching consumers.

For security researchers, Part 15 provides clear technical boundaries but leaves some legal questions about specific uses unresolved. Understanding the actual rules - not simplified summaries - helps researchers make informed decisions about how they use wireless tools within the regulatory framework.

Get the BLEShark Nano - $36.99+
Back to blog

Leave a comment