Does the CRA replace the Radio Equipment Directive for smart home devices?

No. Regulation (EU) 2024/2847 is complementary. The RED covers radio spectrum and electromagnetic compatibility. The CRA covers cybersecurity. Article 12 addresses products subject to other Union legal acts — a single set of technical documentation covering both is allowed under Art. 31.3, but the cybersecurity content must conform to Annex VII.

Is a smart thermostat Default or Important Class I?

Annex III point 17 lists "smart home products with security functionalities" as Class I. A thermostat that controls heating without security functionalities (no access control, no surveillance, no alarm) is typically a Default product. A thermostat integrated with a home alarm system may fall under Class I. Use the free CRACheck classifier.

Do I need a notified body for CRA conformity assessment?

For Default products: no. Module A self-assessment under Art. 32.1(a) applies. For Important Class I without harmonised standards: yes, Art. 32.2 requires Module B+C or Module H assessment by a notified body. For Class II: Art. 32.3 always requires a notified body.

Can I combine the CRA declaration of conformity with my RED declaration?

Article 28.2 of Regulation (EU) 2024/2847 allows a combined declaration. The CRA declaration must contain all elements listed in Annex V. CRACheck generates the CRA-specific declaration — you or your legal team can merge it with your existing RED/LVD declaration.

What language must the documentation be in?

Art. 31.4 requires documentation in an official language acceptable to the notified body. For Default products using Module A, there is no notified body — English is widely accepted. CRACheck generates documents in English.

Is this a subscription?

No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent. Refunds only for reproducible technical failures.

What if the regulation changes?

Regenerate at no additional cost during licence validity.

Your smart home devices already carry CE marking for the Radio Equipment Directive and the Low Voltage Directive. Regulation (EU) 2024/2847 adds a third layer: cybersecurity requirements under Annex I and separate technical documentation under Annex VII. Your existing CE dossier does not cover this. CRACheck generates the missing documentation.

The CE marking on your smart thermostat covers radio spectrum (RED 2014/53/EU) and electrical safety (LVD 2014/35/EU). From 11 December 2027, it must also cover the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847. Article 31 requires separate technical documentation under Annex VII — this is not the same document as your RED technical file. Your EU distributor will need both. CRACheck generates the CRA documentation: 8 PDFs, 15-25 minutes, €149. Browser-side — your product data stays on your device.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

3 layers

CE marking for smart home: LVD + RED + CRA. Each requires separate technical documentation.

Annex VII

8-section technical documentation specific to cybersecurity. Not covered by your RED technical file.

€149

Per product. CRACheck generates the CRA documentation layer. Your RED lab handles the rest.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Audit your current CE dossier

Identify which directives your smart home device currently covers: LVD, EMC, RED, RoHS. The CRA adds a new layer. It does not replace the existing ones.

Classify under CRA

Use the CRACheck classifier. Smart home products with security functionalities (cameras, locks, alarms, baby monitors) are Important Class I under Annex III point 17. General smart home devices (thermostats, LED controllers) are typically Default.

Generate CRA dossier

Enter your product's cybersecurity data: firmware update mechanism, vulnerability handling process, network interfaces, data protection measures, support period. 15-25 minutes.

Download and integrate

CRACheck generates 8 PDFs. Add them to your existing CE technical file. Article 31.3 allows a single technical documentation set covering all applicable Union legal acts.

Update your EU Declaration of Conformity

Your existing DoC must now also reference Regulation (EU) 2024/2847. CRACheck generates the CRA-specific declaration per Annex V.

Inform your EU importer

Send the updated documentation package. Under Art. 19, the importer must verify CRA documentation before placing your product on the market.

Common mistakes

❌

ART. 31.3

"Our RED technical file already covers cybersecurity"

The Radio Equipment Directive 2014/53/EU delegated act on cybersecurity (Regulation (EU) 2022/30) addresses some security requirements for radio equipment. Regulation (EU) 2024/2847 goes further: it requires a complete cybersecurity risk assessment (Art. 13.2), vulnerability handling processes (Annex I Part II), SBOM (Annex VII point 2(b)) and coordinated vulnerability disclosure policy. These are not in your RED file.

❌

ANNEX III

"Smart home devices are simple products — they do not need special assessment"

Annex III point 17 of Regulation (EU) 2024/2847 explicitly lists "smart home products with security functionalities, including smart door locks, security cameras, baby monitoring systems and alarm systems" as Important Class I products. If your product falls in this category and you have not applied harmonised standards, you need conformity assessment by a notified body under Art. 32.2.

❌

ART. 30

"We just add CRA to our existing CE declaration — one document"

Article 30.3 of Regulation (EU) 2024/2847 states that the CE marking is affixed before the product is placed on the market and must cover all applicable Union legislation. You keep one CE mark, but the declaration of conformity must now list Regulation (EU) 2024/2847 alongside RED, LVD and EMC. The technical documentation under Annex VII is separate and additional.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Determines CRA category. Smart cameras/locks = Class I. Smart thermostats = typically Default.

Technical Documentation

Art. 31 + Annex VII. The cybersecurity documentation your CE dossier is missing.

Risk Assessment

Art. 13.2-13.3. Cybersecurity-specific risk analysis mapped to Annex I Part I.

User Information

Annex II. Cybersecurity instructions for the end user. Separate from your RED user manual.

Declaration of Conformity

Art. 28 + Annex V. CRA-specific declaration. Merge reference into your combined DoC.

CVD Policy

Coordinated Vulnerability Disclosure policy.

Notification Template

Art. 14 notification pre-structured. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

CRA dates mapped to your existing CE compliance timeline.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 CE TESTING LAB — CRA ADD-ON

€5,000–€12,000

If your lab offers CRA services. Many do not yet.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history