If your ASIC implements a hardware root of trust, a crypto accelerator, a secure key storage vault, or a tamper-detection mesh, it has security-related functionalities under Annex III item 15. That classification as Important Class I means Module A self-assessment is available only if you apply harmonised standards covering all essential cybersecurity requirements of Annex I, or hold an EU cybersecurity certification at assurance level "substantial." Without either, Article 32(2) directs you to third-party assessment under Module B+C or Module H. CRACheck classifies your ASIC or FPGA, maps its security architecture to Annex I, and generates the 8-document dossier. €149. 15–25 minutes. Your design files stay on your machine.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
Annex III Class I item 15 explicitly lists "application specific integrated circuits (ASIC) and field-programmable gate arrays (FPGA) with security-related functionalities." The item targets the function, not the brand or specific product name. If your ASIC implements any security function — cryptographic processing, authentication, tamper detection, secure key storage — it matches this category.
If the FPGA is manufactured and marketed with security-related functionalities (e.g., embedded crypto blocks, secure boot support, anti-tamper features), the FPGA itself is the product with digital elements. The manufacturer who designs and markets the FPGA with these features carries obligations under Article 13. A downstream user who loads a custom bitstream may become a manufacturer of a modified product under Article 22 if the modification is substantial.
A Common Criteria evaluation is not the same as CRA conformity assessment. Article 32(2) allows Module A for Important Class I products only with harmonised standards or an EU cybersecurity certification at assurance level "substantial" under the Cybersecurity Act (Regulation (EU) 2019/881). A CC certificate under a national scheme may support your case but does not automatically satisfy CRA requirements. A separate Annex VII dossier is still required.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Determines whether your ASIC/FPGA is Important Class I (item 15, security functions), Class II (items 3–4, tamper-resistant), or another category. Documents the rationale and conformity assessment path.
Art. 31 + Annex VII dossier covering hardware architecture, security function specifications, design verification, production integrity controls.
Annex I Part I analysis at the hardware level: physical attacks, side-channel analysis, fault injection, reverse engineering, supply chain tampering.
Annex II information for integrators: secure integration guidelines, debug interface controls, key provisioning procedures, configuration requirements.
Art. 28 + Annex V with Annex III Class I classification and applicable conformity module.
Hardware vulnerability disclosure: errata notification process, security advisory format, coordination with integrator ecosystem.
Art. 14 ENISA notification for hardware-level vulnerabilities. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Enforcement milestones, silicon revision schedule, support period.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
CRACheck confirms your Annex III position, structures your security architecture against Annex I essential requirements, and generates the 8-document dossier per Art. 31 + Annex VII. This documentation is the prerequisite for any conformity assessment path — Module A, B+C, or H.
If harmonised standards do not cover your ASIC's essential requirements, Article 32(2) requires third-party assessment. CRACheck produces the documentation that feeds into that process. It does not submit applications to notified bodies, conduct side-channel evaluations, or manage your CC certification. Those are separate activities that require your documentation as input.
No conformity assessment begins without documentation. CRACheck produces that documentation. Start here.
Article 64 of Regulation (EU) 2024/2847.
Annex I + Art. 13/14.
Art. 28, 31, 32.
Misleading information.
| Criterion | Semiconductor Security Consultant | CC Evaluation Lab | In-House from Standards | CRACheck |
|---|---|---|---|---|
| Time per product | 10–20 weeks | 12–24 months (CC) | 8–16 weeks | 15–25 minutes |
| Cost | €20,000–€40,000 | €100,000+ (CC eval) | Staff + training | €149 |
| CRA-specific output | Consultant report | CC certificate (not CRA) | Variable quality | 8 PDFs per Annex VII |
| IP exposure | NDA + design files | NDA + test access | Internal | 100% browser-side |
Each product family with distinct security architecture requires its own classification and dossier. Volume pricing: €99/product (pack 10), €79/product (pack 30).
Request Volume PricingCRACheck generates a structured document aligned with Article 31 and Annex VII of Regulation (EU) 2024/2847 based on your ASIC or FPGA product data. The accuracy of that data — including your product's security functionalities and design characteristics — is your responsibility as manufacturer.
We guarantee the document structure follows Art. 31 + Annex VII and that the Annex III classification logic is current. We do not guarantee acceptance by a notified body or market surveillance authority in a specific case.
CRACheck is not legal advice. For Annex III item 15 classification disputes, conformity assessment strategy, or interaction with CC evaluation schemes, consult a specialised regulatory attorney.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.