Indian healthtech companies selling into Europe face a regulatory gap perception. The team knows MDR (Regulation 2017/745) and assumes that if the product is not a medical device, no EU product regulation applies. Regulation (EU) 2024/2847 closes that gap. Article 2(2)(a) explicitly exempts products covered by Regulation 2017/745 — medical devices. But telemedicine platforms, hospital management systems, wellness apps, and health monitoring tools that are not medical devices remain within CRA scope. European hospital procurement is updating vendor requirements. CRACheck generates 8 PDF documents under Art. 31 + Annex VII in 15–25 minutes. €149 per product. 100% browser-side — patient data never leaves your machine.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
Article 2(2)(a) of Regulation (EU) 2024/2847 exempts products covered by MDR (Regulation 2017/745) and IVDR (2017/746). If your product is NOT a medical device, the exemption does NOT apply — and the CRA does apply. Health-adjacent software (telemedicine, wellness, hospital management) that falls outside MDR is squarely within CRA scope.
HIPAA is a US regulation governing protected health information. European hospitals operate under GDPR for data protection and now under Regulation (EU) 2024/2847 for product cybersecurity. HIPAA does not satisfy either. CRA requires product-level Annex VII documentation. GDPR requires data processing records. Neither accepts HIPAA as a substitute.
If you market your telemedicine platform under your brand and sell it to European hospitals, you are the manufacturer under Article 3(1). The hospital is the user. Article 13 manufacturer obligations — including Annex VII technical documentation — fall on you, not on the hospital.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Classification confirming CRA (not MDR) applies. Important for healthtech products sitting at the boundary.
Annex VII with health-specific documentation: patient data flows, encryption architecture, access control mechanisms, interoperability with hospital systems.
Art. 13(2). Healthcare-specific threat model: patient data breach, ransomware, service availability in clinical settings.
Annex II. Hospital IT team documentation: integration requirements, security configuration, data migration, support period.
Art. 28 + Annex V.
Annex I Part II §5. Vulnerability disclosure with healthcare-appropriate response timelines.
Art. 14. ENISA notification for healthcare software vulnerabilities. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Key dates.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
Generates CRA Annex VII documentation for healthtech products that are NOT medical devices. 8 PDFs. 15–25 minutes. €149.
Does not assess whether your product qualifies as a medical device under MDR (Regulation 2017/745). Does not address GDPR or clinical data obligations. Does not replace a health regulatory consultant for MDR classification.
We handle CRA documentation. You handle MDR classification and GDPR compliance separately.
Article 64 of Regulation (EU) 2024/2847.
Art. 64(2). Health data breaches are the highest-visibility CRA enforcement scenario.
Art. 64(3).
Art. 64(4).
| Alternative | Cost | What you get |
|---|---|---|
| European healthtech consultant | €15,000–€25,000 | CRA + MDR boundary analysis + documentation. 4–6 months. |
| Internal team reads the regulation | Free + weeks | 81 pages of legalese. No guarantee of Annex VII compliance. |
| Assume no EU regulation applies | €0 | Hospital procurement disqualifies your product. |
| CRACheck | €149 | 8 documents. 15–25 min. Healthcare-relevant Annex VII. |
Telemedicine platform, health monitoring app, hospital management system — each needs its own Annex VII dossier. Contact us for healthtech volume pricing.
Request Volume PricingCRACheck generates a structured document under Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy is your responsibility as the manufacturer.
We guarantee structure and legal references. We do not guarantee acceptance by a hospital procurement committee or market surveillance authority.
CRACheck is not legal advice. For MDR/CRA boundary classification, consult a qualified health regulatory consultant.
Eight documents. Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.