The Cyber Resilience Act has three application dates. Chapter IV (notified bodies) applies from 11 June 2026. Article 14 (vulnerability and incident reporting to ENISA) applies from 11 September 2026. Everything else — technical documentation under Article 31, conformity assessment under Article 32, CE marking under Article 30, essential cybersecurity requirements under Annex I — applies from 11 December 2027. Products placed on the market before that date are not subject to the CRA unless placed on the market again after it. CRACheck generates the eight documentation components in 15–25 minutes for €149.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
Article 14 applies from 11 September 2026, sixteen months before full enforcement. From that date, manufacturers must notify actively exploited vulnerabilities to ENISA within 24 hours, submit a vulnerability notification within 72 hours, and deliver a final report within 14 days. Missing this intermediate deadline is a separate violation.
Article 69(1) states that products placed on the market before 11 December 2027 are subject to the CRA only where they undergo a substantial modification after that date. However, Article 13(8) and Part II of Annex I still apply during the support period for vulnerability handling.
Article 13(12) requires technical documentation to be drawn up before placing the product on the market. For Important Class I/II products, Article 32(2)–(3) requires third-party examination, which adds months. Starting in Q4 2027 risks missing the deadline.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
First step in any compliance timeline. Determines whether you need Module A or third-party examination, which directly impacts how far in advance you need to start.
Per Article 31 and Annex VII. The central document that must exist before market placement. Starting early means you have time to iterate.
Per Article 13(2) and (3). Maps your product against Part I of Annex I. Must be updated during the support period.
Per Annex II. Nine mandatory items that must accompany the product at market placement.
Per Article 28 and Annex V. Cannot be issued until the conformity assessment is complete.
Required from 11 September 2026 for Article 14 compliance. Starting early is not optional for this document.
Article 14 structure. Operational from 11 September 2026. Must be in place before the first vulnerability is discovered.
Maps the three enforcement dates, your product's support period, and documentation retention requirements (10 years per Article 13(13)) onto a single timeline.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
Technical documentation per Annex VII, cybersecurity risk assessment per Article 13, declaration of conformity per Annex V, user information per Annex II. All of this must exist on the date you place your product on the market after 11 December 2027.
The CRA is not a one-time compliance event. Article 13(8) imposes a minimum five-year support period. Part II of Annex I requires continuous vulnerability handling. Article 14 requires real-time notification to ENISA. These are ongoing operational obligations that no documentation tool replaces.
Build the documentation layer now. Use the time between now and December 2027 to build the operational capabilities the CRA demands.
Article 64 of Regulation (EU) 2024/2847.
Breach of Annex I or Articles 13/14 — applies from 11 December 2027 (Art. 13) and 11 September 2026 (Art. 14).
Breach of Art. 31, Art. 28, Art. 32 — applies from 11 December 2027.
Misleading information to authorities.
| Criterion | Wait until Q4 2027 | Start with consultant now | Start with templates now | CRACheck now |
|---|---|---|---|---|
| Risk of missing deadline | Maximum | Low, but expensive | Medium — incomplete | Low — full Annex VII |
| Cost | Premium rush rates later | €10K–€20K now | Staff time | €149 now |
| Art. 14 readiness (Sept 2026) | Not covered | May be included | Not covered | CVD + ENISA template included |
| Time to first draft | Months (if consultant available) | 8–16 weeks | Weeks | 15–25 minutes |
Each product needs its own documentation set. Volume pricing: €99 per product (10-pack) or €79 per product (30-pack). Start early, document all products.
Request Volume PricingCRACheck generates a structured document based on Article 31 and Annex VII of Regulation (EU) 2024/2847 from the data you provide. You are responsible for the accuracy of that data as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII and that all legal references are correct. We do not guarantee acceptance by any specific market surveillance authority or notified body.
CRACheck is not legal advice. For company-specific compliance strategy, consult a specialised regulatory lawyer.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.