Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your Indian SaaS company sells ERP, accounting, or business management software to European businesses. You market it under your brand. Under Article 3(1) of Regulation (EU) 2024/2847, you are the manufacturer. Article 13 requires the full set of obligations — including Annex VII technical documentation. Your European enterprise client will ask. CRACheck generates the answer.

Indian SaaS companies have built successful ERP, accounting, HRMS, and business management platforms used by thousands of European businesses. The sales process is familiar: demo, trial, contract, onboarding. Regulation (EU) 2024/2847 adds a new step to enterprise procurement: the compliance check. European enterprise clients — especially those in regulated industries — are requiring Annex VII documentation from their software vendors. Your sales team needs to respond with evidence, not promises. CRACheck generates 8 PDF documents structured under Art. 31 + Annex VII in 15–25 minutes. €149 per product. 100% browser-side.

Generate Annex VII dossier — €149Free: check if your product is in scope

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side — your data never leaves your device

Key numbers

Art. 3(1)
You market the SaaS under your brand. You are the manufacturer.
Annex I §2(g)
Data minimisation. Your ERP processes business-critical data. The CRA requires you to document how.
€149
Per product. The cost of closing one enterprise deal covers it indefinitely.

How it works

1
Confirm CRA scope
Your SaaS is a product with digital elements (Art. 3(1): software and its remote data processing solutions). If it has a data connection and is available on the EU market, Art. 2(1) applies.
2
Classify the product
Use the free CRACheck classifier. Most ERP/accounting SaaS is Default category. Products with identity management or access control may be Important Class I (Annex III §1).
3
Complete CRACheck
15–25 minutes. CTO or product lead with architecture knowledge.
4
Download the 8-PDF dossier
Structured Annex VII documentation.
5
Integrate into your sales process
Add the Annex VII dossier reference to your enterprise sales deck and security questionnaire responses.
6
Close enterprise deals with confidence
EU procurement committees see structured evidence. Your proposal stands out.

Three mistakes to avoid

COMMON MISTAKE

"Our SaaS is cloud-hosted — the CRA only applies to on-premise software"

Article 3(1) of Regulation (EU) 2024/2847 defines "product with digital elements" as including "remote data processing solutions." Cloud-hosted SaaS that is marketed as a product on the EU market falls within scope. The hosting model does not determine whether the CRA applies — the product's market placement does.

COMMON MISTAKE

"We comply with GDPR — that should satisfy EU compliance requirements"

GDPR regulates personal data processing. The CRA regulates product cybersecurity. They address different dimensions. GDPR requires a privacy policy and data processing agreements. The CRA requires technical documentation (Annex VII), cybersecurity risk assessment (Art. 13(2)), vulnerability handling (Annex I Part II), and ENISA notification (Art. 14). Both are required. Neither substitutes the other.

COMMON MISTAKE

"European SMEs do not care about CRA — only large enterprises"

European SMEs may not ask about CRA compliance today. But their accountants, their banks, and their insurers will. As December 2027 approaches, CRA compliance will become a procurement baseline — not an enterprise-only requirement. Building the documentation now serves your entire EU client base.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Classification for business SaaS.

2

Technical Documentation

Annex VII: multi-tenant architecture, API integrations (banks, tax authorities, payment providers), data processing model.

3

Risk Assessment

Art. 13(2). Business data threat model: unauthorised access, data corruption, service availability, API key management.

4

User Information

Annex II. Onboarding instructions, security configuration, data export, account decommissioning.

5

Declaration of Conformity

Art. 28 + Annex V.

6

CVD Policy

Annex I Part II §5.

7

Notification Template

Art. 14. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

Key dates.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 EUROPEAN SaaS COMPLIANCE CONSULTANT
€10,000–€18,000
3–5 months. Per product.
✓ CRACHECK
€149
8 documents. 15–25 minutes. Revenue-positive from the first enterprise deal.

Two layers of responsibility

● WHAT CRACHECK DOES

Documentation generation

Generates Annex VII documentation for your SaaS product. 8 PDFs. 15–25 minutes. €149. The compliance artefact your EU enterprise clients expect.

∅ WHAT CRACHECK DOES NOT DO

What falls outside CRACheck

Does not assess GDPR compliance. Does not review your cloud hosting security (SOC 2, ISO 27001 address that). Does not replace legal advice on SaaS-specific CRA scope questions.

We document the product. You handle hosting security and data protection.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🇪🇺
Non-compliance with Annex I + Art. 13, 14
€15M / 2.5%

Art. 64(2). You are the manufacturer.

🇪🇺
Missing documentation (Art. 31)
€10M / 2%

Art. 64(3).

🇪🇺
Incorrect information
€5M / 1%

Art. 64(4).

Alternatives

AlternativeCostWhat you get
European SaaS compliance consultant€10,000–€18,000Full review. 3–5 months.
Sales team writes a "compliance statement"FreeGeneric text. No artefact. Procurement rejects.
Delay until enforcement€0Lose enterprise deals now. Scramble in 2027.
CRACheck€1498 documents. 15–25 min. Enterprise procurement-ready.

Your SaaS platform has multiple modules or standalone products?

If your ERP, accounting, and HRMS are marketed as separate products, each needs its own Annex VII dossier. Contact us for SaaS company volume pricing.

Request Volume Pricing
One-business-day response

What CRACheck guarantees and what it does not

CRACheck generates a structured document under Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy is your responsibility as the manufacturer.

We guarantee structure and legal references. We do not guarantee acceptance by a market surveillance authority or EU enterprise client.

CRACheck is not legal advice. For SaaS-specific CRA scope questions, consult a qualified lawyer.

Frequently asked questions

Does the CRA apply to cloud-hosted SaaS sold from India?
Article 3(1) of Regulation (EU) 2024/2847 includes "remote data processing solutions" in the definition of product with digital elements. If your SaaS is marketed as a product on the EU market — not as a bespoke service — the CRA applies regardless of hosting location. The key factor is whether it is a "product" placed on the market.
We have thousands of EU users. Do we need one licence or many?
One CRACheck licence per product. If your ERP is one product used by thousands of EU customers, one licence generates the Annex VII documentation for that product. If you sell ERP, accounting, and HRMS as separate products, each needs its own dossier.
Will CRA compliance help us win enterprise deals?
European enterprise procurement committees are adding CRA compliance to their vendor evaluation criteria. A structured Annex VII dossier demonstrates readiness that a paragraph in a proposal cannot. Early adopters gain a competitive advantage in the procurement scoring.
Our product integrates with European banks and tax authorities. Does that affect CRA scope?
Integration with external systems increases the attack surface documented in Annex I. It does not change the CRA scope — your product was already in scope as a product on the EU market. However, Annex VII §2(a) requires documentation of how components integrate, and Annex I Part I §2(j) requires limiting attack surfaces including external interfaces.
Is it a subscription?
No. One-time payment. 30 days editing, 10 regenerations.
Can I request a refund?
Art. 16(m) Directive (EU) 2011/83. Activation = express consent. Refunds only for reproducible technical failures.
What if the regulation changes?
Regenerate at no additional cost during your licence period.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your SaaS product is on the EU market. The documentation obligation is yours. Generate it in 15 minutes.

Eight documents. Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.

€149 one-time
8 documents · 15–25 min · No subscription · 100% browser-side
Generate Annex VII dossier — €149

Related landings

🚀 SaaS startup

CRA compliance Indian SaaS startup — EU customers
💳 Fintech

CRA compliance payment gateway fintech India — EU
📋 RFP

CRA clause in European RFP — Indian IT services
✓ Last regulatory check: 28 April 2026 · No substantive changes detected · View history