Annex III lists 19 categories of Important Class I products and 4 categories of Class II. If your product falls in Class I, you must determine whether harmonised standards under Regulation (EU) 2024/2847 have been published and whether you have applied them fully. If yes: Module A self-assessment. If no: notified body assessment. Either way, Article 31 and Annex VII require technical documentation. CRACheck generates 8 PDF documents covering all Annex VII sections. 15-25 minutes. €149. The documentation is the same regardless of which assessment route applies. Browser-side.
€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side
The documentation obligation is the same for all Class I products. The assessment route depends on harmonised standard availability.
The documentation obligation is the same for all Class I products. The assessment route depends on harmonised standard availability.
Not always. Article 32.2 first subparagraph of Regulation (EU) 2024/2847 states that if the manufacturer has applied harmonised standards, common specifications or European cybersecurity certification schemes covering the essential cybersecurity requirements, Module A self-assessment is sufficient even for Class I. The notified body is required only when harmonised standards are not fully applied.
The Annex VII technical documentation is the same regardless of the conformity assessment module. Module A means you assess it yourself. Module B+C means a notified body reviews the same documentation and issues a certificate. Module H means the notified body assesses your quality management system. The documentation obligation does not change.
Annex III categories describe product types, not specific model numbers. "Routers, modems intended for the connection to the internet, and switches" covers all consumer and enterprise routers. "Smart home products with security functionalities" covers any smart home device with security features. If your product fits the functional description, it is Class I. Use the CRACheck classifier for formal determination.
Annex VII documentation is required for all Class I products, regardless of whether Module A or notified body assessment applies. CRACheck generates the 8-document package.
Determines product category per Annex III. Defines conformity assessment route under Art. 32.
Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.
Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.
Information and instructions per Annex II. Security properties, support period, vulnerability reporting.
EU declaration of conformity per Art. 28 and Annex V.
Coordinated Vulnerability Disclosure policy per Annex I Part II.
Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.
Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated in your browser. No product data is transmitted to any server.
Generates the Annex VII documentation for your Class I product. Covers all 8 sections. Ready for Module A self-assessment or notified body submission.
CRACheck does not determine whether harmonised standards have been published for your product category. CRACheck does not select your notified body. You verify standard availability and engage the notified body.
We generate the documentation. You determine the assessment route.
Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.
Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.
Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.
Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.
Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.
| Alternative | Cost | What you get |
|---|---|---|
| Notified body full-service | €8,000–€25,000 | Docs + assessment. 3-6 months. |
| Self-assess under Module A without harmonised standards | €0 | Non-compliant for Class I. Art. 32.2 requires NB if standards not applied. |
| Classify as Default to avoid NB requirement | €0 | Incorrect classification = non-compliance. Market surveillance will verify. |
| CRACheck + separate NB | €149 + NB fee | Documentation in 15 min. NB assessment on your timeline. |
Each Class I product needs its own Annex VII dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).
Request volume pricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.
CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.