Are there CRA exemptions for small businesses?

The CRA does not exempt companies based on size. However, Recital 93 and Article 31 provide for a simplified technical documentation form for microenterprises (fewer than 10 employees) and small enterprises (fewer than 50 employees), reducing administrative burden. Article 64(5)(c) requires fines to consider company size. CRACheck's output is compatible with both full and simplified documentation formats.

What is the minimum CRA compliance cost for a small US company?

Using CRACheck, the minimum is €149 per product for the complete 8-document dossier. If your product classifies as Default under Annex III, you qualify for Module A self-assessment with no notified body fees. Total compliance documentation cost: €149. Ongoing costs: maintaining security updates and vulnerability handling processes per Annex I, Part II — which your engineering team should be doing regardless.

Can I use CRACheck for all my products or do I need a consultant for some?

CRACheck covers all product categories. For Default products (the majority), the full dossier is sufficient. For Important Class II or Critical products, you will also need notified body involvement per Article 32(3), which CRACheck cannot provide. CRACheck still generates the documentation these categories require — but the conformity assessment adds an external cost.

How does CRACheck compare to free templates available online?

Free CRA templates, where they exist, typically provide blank document structures without product-specific content generation. CRACheck generates populated documents from your product data, mapped to Annex I requirements, with pre-structured risk assessment categories, pre-filled regulatory references, and integrated cross-references between documents. The difference is between a blank template and a populated dossier.

If I start with CRACheck, can I switch to a consultant later?

Yes. CRACheck documentation can serve as a starting point for a more detailed engagement. A consultant reviewing an existing CRACheck dossier will spend less time than starting from scratch, potentially reducing their fees. The documents are standard PDFs with no lock-in.

Is CRACheck a subscription?

No. One-time payment. 30 days of editing, 10 regenerations. The PDF is yours to keep.

Can I request a refund?

Per Article 16(m) of Directive (EU) 2011/83, activating the license constitutes express consent for immediate generation. Refunds only for reproducible technical failures.

What if the regulation changes?

Regenerate at no additional cost during your license period.

Your EU customers require CRA documentation. You have 20 employees and no regulatory affairs department. A European law firm quotes €15 000. A US compliance consultant quotes $10 000. Your legal budget for the quarter is $5 000. CRACheck generates the complete 8-document dossier for €149 per product in 15 minutes. This page compares every alternative so you can decide with numbers.

The Cyber Resilience Act (Regulation (EU) 2024/2847) requires technical documentation under Article 31 + Annex VII, a cybersecurity risk assessment under Article 13, and a declaration of conformity under Article 28. For a small US business, the question is not whether these documents are needed — Article 13 is clear — but how to produce them without spending more on compliance than on product development. CRACheck was designed for companies where €15 000 per product is not an option. €149 per product. 15-25 minutes. No subscription. Browser-side processing.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

€149

CRACheck cost per product. Compare: €15,000 average consultant cost for the same documentation.

15 min

Time to generate the full dossier. Compare: 8-16 weeks with a consultant.

100x

Cost difference: CRACheck vs. average regulatory consultant for a single product.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Decide your compliance approach

This page compares four options. Read the comparison, then choose.

If CRACheck: open the generator

Enter your product details. No onboarding call. No NDA. No statement of work.

Classify your product

CRACheck determines your Annex III category. Most small business software products classify as Default — eligible for self-assessment.

Describe your product

Architecture, security controls, third-party components. You know your product better than any consultant.

Generate 8 documents

Technical documentation, risk assessment, declaration of conformity, user information, CVD policy, ENISA template, obligations calendar.

Download and deliver

8 PDFs in ZIP. Ready for your EU customer. Total elapsed time: 15-25 minutes. Total cost: €149.

Repeat for each product

If you have multiple products, each needs its own dossier. Professional Pack: €1,199 — 70 generations, one key.

Common mistakes

❌

ENFORCEMENT REALITY

"We are too small for EU regulators to notice"

CRA enforcement applies to products, not company size. Article 64 does not set a minimum revenue threshold for fines. More importantly, the practical enforcement mechanism is commercial: your EU customers will refuse to buy products without documentation, and EU importers cannot legally place undocumented products on the market (Article 19). Regulatory enforcement is secondary — commercial exclusion is primary.

❌

COMMERCIAL RISK

"We will wait and see if any small company actually gets fined"

By the time a fine is publicized, you have already lost EU market access. EU importers and enterprise customers are building compliant supply chains now. Vendors without CRA documentation are excluded from procurement shortlists before any fine is issued. The cost of exclusion — lost revenue from EU customers — exceeds the €149 documentation cost by orders of magnitude.

❌

SPECIALIZATION GAP

"We will ask our accountant/general attorney to handle EU compliance"

CRA compliance requires understanding of Regulation (EU) 2024/2847 — a 81-page EU regulation with specific technical documentation requirements. A general attorney or accountant without EU product safety law expertise will spend 40-80 hours researching the regulation before producing a single document. At $200-$400/h, the research cost alone exceeds €15,000. CRACheck eliminates the research step.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Determines your Annex III category. For small businesses, confirming Default classification (Module A self-assessment) is the most cost-relevant finding — no notified body fees required.

Technical Documentation

Art. 31 + Annex VII. The core document that demonstrates CRA compliance. Structured for your product's specific architecture.

Risk Assessment

Art. 13(2)-(3). Product-specific cybersecurity risk analysis mapped to Annex I requirements.

User Information

Annex II. What you must disclose to your EU users about your product's security.

Declaration of Conformity

Art. 28 + Annex V. The formal compliance statement.

CVD Policy

Vulnerability disclosure policy per Annex I, Part II.

Notification Template

Art. 14 ENISA notification structure. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Key dates and support period obligations.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 ALL OTHER OPTIONS

€8,000–€100,000

EU law firm: €15K-€25K, 8-16 weeks. US consultant: $8K-$15K, 6-12 weeks. Internal counsel: 40-80 hours at $200-$400/h. Or ignore CRA: €0 upfront, lose EU market access.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history