Precision agriculture has moved from standalone equipment to cloud-connected IoT platforms. Soil sensors report moisture and nutrient data over LoRaWAN. Weather stations upload microclimate readings via cellular. Irrigation controllers receive cloud-based commands over NB-IoT. Livestock tags transmit location and health data via satellite. Every one of these is a product with digital elements under Art. 3(1). The CRA does not distinguish between enterprise IT and agricultural IoT. Art. 2(1) covers any product with a logical or physical data connection. Most agritech devices fall under Default classification — but if your product includes a gateway with routing functionality, it may be Important Class I under Annex III item 12. Art. 13(8) requires a support period proportionate to expected use — and farm equipment is typically deployed for 7-15 years. CRACheck generates the 8-document technical file. €149 per product. 15-25 minutes. Field data architecture stays in your browser.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
Art. 2 of Regulation (EU) 2024/2847 lists specific exclusions: medical devices (2017/745), IVDs (2017/746), motor vehicles (2019/2144), aviation (2018/1139), marine equipment (2014/90). Agriculture is not on the exclusion list. Any connected farm device placed on the EU market is within scope.
A LoRaWAN sensor that transmits data to a gateway has a logical data connection under Art. 2(1). It contains firmware. It processes data. It connects to a network. Even minimal connectivity creates CRA scope. The low-power, low-bandwidth nature of LoRaWAN does not create an exemption.
Art. 13(9) of Regulation (EU) 2024/2847 requires free security updates throughout the support period. For thousands of sensors deployed across farms, OTA update capability is not optional — it is a CRA requirement. A product without any update mechanism cannot fulfil Art. 13(9) and is non-compliant.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Identifies Default (sensors, actuators, controllers) or Important Class I (field gateways with routing per Annex III item 12).
Art. 31 and Annex VII documentation: device architecture, LPWAN protocol specifications, cloud integration, OTA update mechanism, power management impact on security.
Cybersecurity risk assessment covering agriculture vectors: irrigation manipulation, crop data integrity, GPS spoofing for autonomous machinery, livestock data disruption, gateway-to-platform lateral movement.
Annex II information for farmers, cooperatives and integrators: secure deployment in field conditions, connectivity provisioning, firmware update procedures, vulnerability reporting, support period aligned with equipment lifecycle.
EU Declaration per Art. 28 and Annex V.
Coordinated vulnerability disclosure policy for agricultural technology research community.
ENISA notification template per Art. 14.
Key dates with agricultural procurement cycles: Art. 14 from September 2026, full enforcement December 2027, seasonal deployment windows.
See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates Art. 31 and Annex VII technical documentation for each connected agriculture device. Coverage includes risk assessment scoped to agricultural deployment, vulnerability handling for field-deployed hardware, OTA update documentation, SBOM, coordinated disclosure, ENISA template and support period definition proportionate to farm equipment lifecycles.
CRACheck does not perform penetration testing on LoRaWAN or NB-IoT stacks. It does not conduct environmental durability testing. It does not verify GPS anti-spoofing mechanisms. It does not audit cloud platform security for farm management systems. It does not assess compliance with Common Agricultural Policy digital requirements.
The field is connected. The CRA follows the connection. CRACheck documents the cybersecurity layer for every sensor, controller and gateway on the farm.
A vulnerability in irrigation control networks or livestock monitoring triggers 24h ENISA notification.
Agriculture IoT devices placed on the EU market must carry CE marking and Art. 31 documentation.
For agriculture IoT manufacturers non-compliant with Art. 13 or Annex I.
| Criterio | IoT security consultant | Internal engineering | Ignore until enforcement | CRACheck |
|---|---|---|---|---|
| Price | €6K-15K | Staff time | €0 now | €149 per device |
| Art. 31 documentation | No — report | Variable | None | 8-document ZIP |
| Long-lifecycle coverage | One-time | Ongoing effort | N/A | Regenerable within 30 days |
| Field data stays with you | Shared | Internal | N/A | 100% browser-side |
| CRACheck | €149 | 8-doc | Regenerable | Browser-side |
Pack 10: €99 per product. Pack 30: €79 per product. For agritech manufacturers with broad IoT portfolios, contact us.
Request volume pricingCRACheck generates a structured document set according to Art. 31 and Annex VII of Regulation (EU) 2024/2847 based on the information you provide about your agriculture IoT device. The accuracy of device specifications, connectivity data and deployment context is your responsibility as manufacturer.
We guarantee that the document structure follows Art. 31 and Annex VII and that the legal references cited are correct. We do not guarantee acceptance by a market surveillance authority or agricultural equipment dealer procurement process.
CRACheck is not legal advice. For product classification of agriculture IoT with embedded network functionality, consult a qualified IoT regulatory specialist.
Soil sensors, weather stations, irrigation controllers, livestock monitors, field gateways. Eight documents per device. €149. Browser-side. Your field architecture stays on your device.