CRA Compliance Dongguan Ningbo Factory EU Export

Key numbers

Self-service

No European consultant needed. Your engineering team generates the documentation in-house.

No lab

Local testing labs do not offer CRA services yet. CRACheck fills the gap until they do.

€149

Per product. Same cost as a CE test report. Fraction of a consultant fee.

CRA documentation for a Dongguan or Ningbo electronics factory

Your factory already produces CE documentation. CRA is one more layer — and CRACheck generates it without leaving the factory.

List all connected products you export to the EU

Smart plugs, cameras, LED controllers, sensors, gateways, chargers, speakers. Any product with WiFi, Bluetooth, Zigbee, LTE.

Classify each product

Use the free CRACheck classifier. Most consumer electronics are Default. Products with security functions are Class I.

Assign to your engineering team

The engineer who designed the product enters the data into CRACheck. They know the firmware, the connectivity, the update mechanism. 15-25 minutes per product.

Generate dossiers in batches

Use volume pricing for your full catalogue. 10-pack: €99/product. 30-pack: €79/product.

Integrate with your existing export documentation

Add the CRA dossier to the product file alongside CE, RoHS, REACH and product datasheets.

Deliver to EU customers

OEM brand customers, Amazon stores, Alibaba buyers — all receive CRA documentation with the product.

Your factory already produces CE documentation. CRA is one more layer — and CRACheck generates it without leaving the factory.

Factory-level CRA mistakes

❌

LOCAL LABS

We will wait for our local testing lab to offer CRA services

CRA enforcement starts 11 December 2027. Local testing labs in Dongguan and Ningbo are focused on EMC, RED and safety testing. CRA cybersecurity documentation is a different discipline — it requires software engineering knowledge, not lab equipment. Waiting for your local lab means missing the deadline. CRACheck generates documentation now.

❌

ART. 3(13)

We produce for EU brands — they handle compliance

When you produce under OEM contract, the EU brand is typically the manufacturer under Art. 3(13). But they will contractually require you to deliver Annex VII documentation because you have the engineering data. When you sell under your own brand on Amazon, you are the manufacturer. Either way, you need the documentation.

❌

DATA SECURITY

CRA documentation requires sharing our product data with a European consultant

CRACheck processes everything in your browser. No product data is sent to any server. No NDA required. No IP disclosure to third parties. Your firmware architecture, vulnerability handling processes and SBOM stay in your factory.

What each CRACheck dossier contains: 8 documents

Your factory produces the products. Your engineering team knows the specs. CRACheck structures the knowledge into 8 regulatory documents.

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

Self-service vs. European consultant

🧾 FLY A EUROPEAN CRA CONSULTANT TO DONGGUAN

€15,000–€30,000

Flights + hotel + daily rate + NDA + IP disclosure. 2-4 weeks on-site.

✓ CRACHECK

€149

8 documents. 15 min. Generated by your engineering team. No visitor badge needed.

CRACheck vs. local testing lab

● LAYER 1

What CRACheck does

Self-service CRA documentation for factories. Your engineer enters product data. CRACheck structures it per Annex VII. Download the ZIP. Deliver to your EU customer.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not perform CE testing, EMC measurements or RED certification. Your local lab handles those. CRACheck handles the CRA cybersecurity documentation layer they cannot.

Your lab handles CE. CRACheck handles CRA. Together, your export documentation is complete.

CRA penalty regime — Article 64 of Regulation (EU) 2024/2847

Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.

🇪🇺

Non-compliance with essential cybersecurity requirements (Annex I) and Art. 13/14 obligations

€15M / 2.5%

Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.

🇪🇺

Non-compliance with technical documentation (Art. 31), authorised representative (Art. 18), conformity assessment (Art. 32)

€10M / 2%

Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.

🇪🇺

Supply of incorrect, incomplete or misleading information to authorities

€5M / 1%

Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.

Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.

Alternatives

Alternative	Cost	What you get
European consultant on-site	€15,000–€30,000	2-4 weeks. IP disclosure. NDA.
Wait for local lab	€0 now	Labs may not offer CRA for years. Deadline does not wait.
Ask EU customer to handle documentation	€0	EU customer does not have your engineering data. Delays the order.
CRACheck	€149	Self-service. 15 min. No consultant. No lab. No IP disclosure.

Your factory catalogue has 20-50 connected products for EU export?

Volume pricing designed for factory catalogues: €99/product (10-pack), €79/product (30-pack). Document your full range before the enforcement date.

Request volume pricing

Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Can our factory quality team use CRACheck without cybersecurity expertise?

CRACheck guides users through each Annex VII section with clear prompts. The person entering data should know the product's firmware version, connectivity type, update mechanism and security features. This is typically the engineer who designed the product or the quality manager who handles CE documentation.

Is CRACheck available in Chinese?

CRACheck generates documents in English. The interface is in English. Article 31.4 requires documentation in a language acceptable to relevant authorities — English is accepted across the EU.

Can we use CRACheck for products we manufacture for EU brands (OEM)?

Yes. Generate the documentation using your product's engineering data. Deliver the 8-document ZIP to the EU brand. They review, adapt the Declaration of Conformity and sign it as manufacturer under Art. 3(13).

Do we need one CRACheck licence per unit produced or per product model?

Per product model. One licence generates documentation for one product with digital elements. If you manufacture 100,000 units of the same smart plug model, one licence covers the model. Different models with different firmware or connectivity need separate licences.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.

What if the regulation changes?

If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act — full text

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.