Annex III lists 19 Class I categories and 4 Class II categories. Class I includes routers, operating systems, smart home devices, identity management systems, and wearables. Class II includes firewalls, hypervisors, and tamper-resistant processors. For Class I, Article 32(2) triggers stricter assessment only when harmonised standards, common specifications, or European cybersecurity certification schemes at assurance level "substantial" have not been applied in full. If they have, Article 32(1) allows Module A. For Class II, Article 32(3) always requires Module B+C, Module H, or a certification scheme. CRACheck produces the Annex VII documentation that both paths require as their starting input. Eight documents, €149.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
Article 32(2) is conditional: Class I products only need Module B+C or H where the manufacturer has not applied harmonised standards in full. If you fully apply the relevant harmonised standards, Article 32(1) applies and Module A is available.
Article 32(3) is unconditional for Class II: the manufacturer shall demonstrate conformity using Module B+C, Module H, or a European cybersecurity certification scheme at assurance level at least "substantial." Module A is not available for Class II products.
Annex VIII Part II, point 3.3 requires the application to the notified body to include the technical documentation that makes it possible to assess conformity. Approaching a notified body without the Annex VII documentation means the examination cannot begin. Prepare the documentation first.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Critical for Class I/II: confirms the exact Annex III category and the applicable Article 32 paragraph. Distinguishes between Class I with harmonised standards (Module A possible) and Class I without (notified body required).
Per Annex VII. For notified body submissions, this is what Annex VIII Part II, point 3.3 requires as part of the application.
Per Article 13(2)–(3). The notified body will review this under Annex VIII Part II, point 4.1 when examining the adequacy of the technical design.
Per Annex II. Required regardless of the assessment path.
Per Article 28 and Annex V. For Module H, the notified body's identification number follows the CE marking per Article 30(4).
Per Part II, point (5) of Annex I. The notified body under Module B will verify that vulnerability handling processes are in place.
Article 14 ENISA structure. The notified body performs periodic audits to ensure Part II of Annex I is implemented. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Key dates including notified body designation timeline (Chapter IV from 11 June 2026), your expected examination timeline, and support period milestones.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates the technical documentation, risk assessment, declaration of conformity, and supporting documents that the notified body application requires under Annex VIII Part II, point 3. Well-structured documentation reduces examination time and cost.
The notified body examines your technical design, tests product specimens, verifies vulnerability handling processes, and issues (or refuses) an EU-type examination certificate. CRACheck does not perform or substitute any part of this examination.
CRACheck builds the documentation package. The notified body examines it. Both steps are necessary for Class I without harmonised standards and for all Class II products.
Article 64 of Regulation (EU) 2024/2847.
Non-compliance with Annex I or Articles 13/14.
Using Module A for a product that requires Module B+C or H, or failing to produce technical documentation.
Misleading information to notified bodies or authorities.
| Criterion | Default (Module A) | Class I with harmonised standards | Class I without harmonised standards | Class II |
|---|---|---|---|---|
| Legal basis | Art. 32(1)(a) | Art. 32(1) — all options | Art. 32(2) | Art. 32(3) |
| Notified body | Not required | Not required | Required (Module B+C or H) | Required (Module B+C, H, or certification) |
| CRACheck documentation | Full package | Full package | Full package (input to NB) | Full package (input to NB) |
| Estimated total cost (docs + NB) | €149 | €149 | €149 + €5K–€15K | €149 + €8K–€20K |
Each Important product needs its own Annex VII documentation and classification determination. Pack of 10: €99 per product.
Request Volume PricingCRACheck generates a structured document based on Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy of the classification and product data is your responsibility as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII and that all legal references are correct. We do not guarantee that a notified body will issue a positive certificate based on the documentation, nor that a market surveillance authority will accept the classification.
CRACheck is not legal advice. For classification disputes or notified body selection, consult a regulatory specialist.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.