Do all products with digital elements need CE marking under the CRA?

Yes. Article 30(1) of Regulation (EU) 2024/2847 requires the CE marking to be affixed to all products with digital elements before they are placed on the EU market. The conformity assessment route varies by product category (Art. 32), but the CE obligation itself applies universally within the CRA scope.

Can I self-certify under Module A?

Only if your product falls in the Default category (not listed in Annex III or IV) or if it is Important Class I and you have applied the relevant harmonised standards in full. Article 32(1)(a) allows Module A — internal control with no notified body — for these scenarios. All other scenarios require notified body involvement.

What is the difference between Modules A, B+C, and H?

Module A is internal control: the manufacturer self-assesses. Module B is EU-type examination: a notified body examines the type design. Module C is conformity to type: the manufacturer ensures production matches the approved type. Module H is full quality assurance: a notified body audits the entire quality management system. Details are in Annex VIII of Regulation (EU) 2024/2847.

Does my existing CE under RED cover the CRA?

Not fully. The CRA adds horizontal cybersecurity requirements (Annex I) on top of sectoral directives like RED. Article 2(5) addresses overlap: the Commission can adopt delegated acts to limit or exclude CRA application where sectoral rules achieve the same or higher protection level. Until such acts are adopted, assume both apply.

Is this a subscription?

No. One-time payment. The licence includes a 30-day editing window and 10 regenerations. The downloaded PDF is yours permanently.

Can I request a refund?

Article 16(m) of Directive (EU) 2011/83 applies. Upon licence activation, you give express consent for immediate generation of the digital content, waiving the 14-day withdrawal right. Refunds are accepted only for a reproducible technical defect.

What if the regulation changes?

If the regulation is amended during your licence validity period, you can regenerate the documentation using the updated version of the generator at no additional cost.

The CE marking on your digital product now requires cybersecurity conformity. Article 30 of Regulation (EU) 2024/2847 ties the CE mark to compliance with the essential cybersecurity requirements of Annex I. Article 32 determines which conformity assessment module applies — Module A for most products, Modules B+C or H for Important Class I without harmonised standards, and mandatory Modules B+C or H for Important Class II and Critical. CRACheck generates the documentation you need before you affix the mark.

The path to CE marking under the CRA starts with classification. If your product is in the Default category (not listed in Annex III or IV), Art. 32(1)(a) allows Module A — internal control, no notified body. If it is Important Class I and you have applied harmonised standards in full, Module A still works per Art. 32(1). If Important Class I without full harmonised standards, Art. 32(2) requires Modules B+C or H. Important Class II always requires Modules B+C or H per Art. 32(3). Critical products require certification per Art. 8(1) or fall back to Art. 32(3) modules. In all cases, the technical documentation under Annex VII must be complete before you affix the mark. CRACheck generates it. 15–25 minutes. €149.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Conformity assessment at a glance

Art. 32

Conformity assessment procedures

Module A

Internal control — Default products

Annex VIII

Assessment procedure details

How to get CE marking under the CRA

Classify your product

Check Annexes III and IV. If not listed, it is Default category. If listed in Annex III, determine Class I or Class II. If in Annex IV, it is Critical.

Determine the assessment module

Default: Module A (Art. 32(1)(a)). Important Class I with harmonised standards: Module A. Class I without: B+C or H (Art. 32(2)). Class II: B+C or H (Art. 32(3)). Critical: certification or B+C/H (Art. 32(4)).

Prepare technical documentation

Annex VII, all 8 points. Must be complete before market placement per Art. 31(2).

Conduct the risk assessment

Per Art. 13(2)–(3) and Annex I Part I. The assessment feeds into the technical file.

Draw up the declaration of conformity

Per Art. 28 and Annex V. Art. 13(12) requires this after the conformity assessment demonstrates compliance.

Run CRACheck

CRACheck generates the full documentation package: Product Classifier (to confirm your module), Technical Documentation, Risk Assessment, Declaration of Conformity, and 4 additional documents. 8 PDFs in 15–25 minutes.

Affix the CE marking

Per Art. 30, the CE marking is affixed visibly, legibly, and indelibly to the product, packaging, or accompanying document. Only after the documentation is complete and conformity demonstrated.

Three mistakes manufacturers make with CE marking

❌

WRONG MODULE

Using Module A self-assessment for an Important Class I product without applying harmonised standards

Art. 32(2) explicitly states that Important Class I products that have "not applied or has applied only in part harmonised standards" must use Modules B+C or H, which require notified body involvement. Self-assessing under Module A in this scenario is non-compliant.

❌

CE BEFORE DOCS

Affixing the CE mark before the technical documentation is complete

Art. 13(12) requires: first draw up the technical documentation (Art. 31), then carry out the conformity assessment (Art. 32), then draw up the declaration of conformity (Art. 28), then affix the CE marking (Art. 30). This sequence is mandatory. CE marking without a completed Annex VII file is a violation.

❌

CYBERSECURITY IGNORED

Relying on existing CE under RED or LVD without addressing CRA-specific cybersecurity requirements

The CRA adds horizontal cybersecurity requirements on top of existing sectoral directives. A product that carries CE under Directive 2014/53/EU (RED) still needs separate CRA compliance for the cybersecurity aspects of Annex I that are not covered by RED. Art. 2(5) addresses the overlap mechanism.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

The entry point. Determines Default / Important Class I / Class II / Critical and maps to the correct Art. 32 assessment module.

Technical Documentation

Full Annex VII. Must exist before CE affixation.

Risk Assessment

Per Art. 13(2)–(3). Feeds into the conformity assessment evidence.

User Information

Per Annex II. The CE marking assumes the user has access to this information.

Declaration of Conformity

Per Art. 28 and Annex V. This is the manufacturer's formal statement that the product complies with the CRA. Must be available to users per Art. 13(20).

CVD Policy

Per Annex I, Part II, point (5). Part of the essential cybersecurity requirements that CE conformity covers.

Notification Template

Per Art. 14. Operational readiness is part of demonstrating compliance with Art. 13. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Maps the CE marking compliance timeline: documentation → assessment → declaration → marking → support period.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 THE ALTERNATIVE

Engaging a notified body for the full conformity assessment process (Modules B+C or H): €15,000–€50,000 depending on product complexity. For Module A, using a consultant to prepare the self-assessment: €8,000–€20,000.

€15,000–€50,000

3–6 months.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history