CE Marking CRA Smart Home China Exporter

Key numbers

3 layers

CE marking for smart home: LVD + RED + CRA. Each requires separate technical documentation.

Annex VII

8-section technical documentation specific to cybersecurity. Not covered by your RED technical file.

€149

Per product. CRACheck generates the CRA documentation layer. Your RED lab handles the rest.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Audit your current CE dossier

Identify which directives your smart home device currently covers: LVD, EMC, RED, RoHS. The CRA adds a new layer. It does not replace the existing ones.

Classify under CRA

Use the CRACheck classifier. Smart home products with security functionalities (cameras, locks, alarms, baby monitors) are Important Class I under Annex III point 17. General smart home devices (thermostats, LED controllers) are typically Default.

Generate CRA dossier

Enter your product's cybersecurity data: firmware update mechanism, vulnerability handling process, network interfaces, data protection measures, support period. 15-25 minutes.

Download and integrate

CRACheck generates 8 PDFs. Add them to your existing CE technical file. Article 31.3 allows a single technical documentation set covering all applicable Union legal acts.

Update your EU Declaration of Conformity

Your existing DoC must now also reference Regulation (EU) 2024/2847. CRACheck generates the CRA-specific declaration per Annex V.

Inform your EU importer

Send the updated documentation package. Under Art. 19, the importer must verify CRA documentation before placing your product on the market.

Common mistakes

❌

ART. 31.3

"Our RED technical file already covers cybersecurity"

The Radio Equipment Directive 2014/53/EU delegated act on cybersecurity (Regulation (EU) 2022/30) addresses some security requirements for radio equipment. Regulation (EU) 2024/2847 goes further: it requires a complete cybersecurity risk assessment (Art. 13.2), vulnerability handling processes (Annex I Part II), SBOM (Annex VII point 2(b)) and coordinated vulnerability disclosure policy. These are not in your RED file.

❌

ANNEX III

"Smart home devices are simple products — they do not need special assessment"

Annex III point 17 of Regulation (EU) 2024/2847 explicitly lists "smart home products with security functionalities, including smart door locks, security cameras, baby monitoring systems and alarm systems" as Important Class I products. If your product falls in this category and you have not applied harmonised standards, you need conformity assessment by a notified body under Art. 32.2.

❌

ART. 30

"We just add CRA to our existing CE declaration — one document"

Article 30.3 of Regulation (EU) 2024/2847 states that the CE marking is affixed before the product is placed on the market and must cover all applicable Union legislation. You keep one CE mark, but the declaration of conformity must now list Regulation (EU) 2024/2847 alongside RED, LVD and EMC. The technical documentation under Annex VII is separate and additional.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Determines CRA category. Smart cameras/locks = Class I. Smart thermostats = typically Default.

Technical Documentation

Art. 31 + Annex VII. The cybersecurity documentation your CE dossier is missing.

Risk Assessment

Art. 13.2-13.3. Cybersecurity-specific risk analysis mapped to Annex I Part I.

User Information

Annex II. Cybersecurity instructions for the end user. Separate from your RED user manual.

Declaration of Conformity

Art. 28 + Annex V. CRA-specific declaration. Merge reference into your combined DoC.

CVD Policy

Coordinated Vulnerability Disclosure policy.

Notification Template

Art. 14 notification pre-structured. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

CRA dates mapped to your existing CE compliance timeline.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 CE TESTING LAB — CRA ADD-ON

€5,000–€12,000

If your lab offers CRA services. Many do not yet.

✓ CRACHECK

€149

8 documents. 15-25 min. Complements your existing CE dossier. Pack 10: €99/product. Pack 30: €79/product.

Two layers

● LAYER 1

What CRACheck does

Generates the Annex VII cybersecurity documentation layer that your existing CE dossier does not include. 8 documents. Compatible with your RED/LVD technical file structure.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not perform EMC testing, radio spectrum measurements, LVD safety testing or any physical product testing. It generates the cybersecurity documentation required by the CRA. Your existing CE lab handles the other directives.

We add the cybersecurity documentation layer. Your CE lab handles the rest.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🔴

Non-compliance with Annex I + Art. 13/14 (Art. 64(2))

€15,000,000 / 2.5%

Art. 64.2.

🟠

Non-compliance with Art. 31 documentation, Art. 28 declaration, Art. 32 (Art. 64(3))

€10,000,000 / 2%

Art. 64.3.

🟡

Incorrect or misleading information (Art. 64(4))

€5,000,000 / 1%

Art. 64.4.

Alternatives

Criterion	CE testing lab CRA add-on	Assume RED covers cybersecurity	Wait for harmonised standards	CRACheck
Cost	€5,000–€12,000	€0	€0 now	€149
Result	If available. Many labs developing CRA capability.	Incorrect. Annex VII is separate. Risk of non-compliance.	Standards may not be ready by Dec 2027. Art. 32.1(a) allows self-assessment for Default.	8 docs. 15-25 min. Works now, before standards are published.

Your smart home catalogue has more than one product?

Each smart home device needs its own CRA dossier. A thermostat, a camera and a smart lock are three products, three licences. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request Volume Pricing

Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Does the CRA replace the Radio Equipment Directive for smart home devices?

No. Regulation (EU) 2024/2847 is complementary. The RED covers radio spectrum and electromagnetic compatibility. The CRA covers cybersecurity. Article 12 addresses products subject to other Union legal acts — a single set of technical documentation covering both is allowed under Art. 31.3, but the cybersecurity content must conform to Annex VII.

Is a smart thermostat Default or Important Class I?

Annex III point 17 lists "smart home products with security functionalities" as Class I. A thermostat that controls heating without security functionalities (no access control, no surveillance, no alarm) is typically a Default product. A thermostat integrated with a home alarm system may fall under Class I. Use the free CRACheck classifier.

Do I need a notified body for CRA conformity assessment?

For Default products: no. Module A self-assessment under Art. 32.1(a) applies. For Important Class I without harmonised standards: yes, Art. 32.2 requires Module B+C or Module H assessment by a notified body. For Class II: Art. 32.3 always requires a notified body.

Can I combine the CRA declaration of conformity with my RED declaration?

Article 28.2 of Regulation (EU) 2024/2847 allows a combined declaration. The CRA declaration must contain all elements listed in Annex V. CRACheck generates the CRA-specific declaration — you or your legal team can merge it with your existing RED/LVD declaration.

What language must the documentation be in?

Art. 31.4 requires documentation in an official language acceptable to the notified body. For Default products using Module A, there is no notified body — English is widely accepted. CRACheck generates documents in English.

Is this a subscription?

No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent. Refunds only for reproducible technical failures.

What if the regulation changes?

Regenerate at no additional cost during licence validity.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act — full text

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.