Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your project management tool is used by teams across Europe. The desktop app, the mobile app, and the browser extension are products with digital elements under Article 3(1) of Regulation (EU) 2024/2847. Your European enterprise customers manage sensitive project data, client information, and internal communications through your platform. Their procurement teams now ask for CRA documentation alongside your security certifications. CRACheck generates it.

Project management platforms typically offer multiple installable components: desktop applications for offline access, mobile apps for on-the-go task management, browser extensions for notifications, and API clients for integrations. Each installable component, plus the cloud platform as remote data processing, forms a regulated product under the CRA. Article 13 requires technical documentation, risk assessment, and conformity declaration. CRACheck generates the 8-document dossier in 15-25 minutes for €149.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side — your data never leaves your device

Key numbers

Art. 3(1)-(2)
Desktop app + mobile app + cloud backend = one regulated product with remote data processing
€15M
Maximum fine for non-compliance (Art. 64(2))
€149
Full CRA dossier per product

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

1
Define product scope
PM platform, desktop app, mobile app, browser extension, API connectors. CRACheck documents everything as one product.
2
Classify under Annex III
PM tools typically classify as Default. No privileged security functions.
3
Describe collaboration architecture
Real-time sync, file sharing, commenting, notification systems, integration APIs, webhook handlers.
4
Map data handling
Project data, task assignments, file attachments, internal messages, client information stored within projects.
5
Generate risk assessment
PM-specific: unauthorized access to project data, file sharing vulnerabilities, notification interception, API abuse, and third-party integration credential exposure.
6
Produce 8 documents
Complete dossier covering all platform components.
7
Attach to vendor renewal
EU enterprise clients evaluate CRA documentation alongside your SOC 2 and GDPR DPA.

Common mistakes

PRODUCT vs INTERNAL TOOL

"PM tools are internal productivity software — not regulated products"

Your PM tool is not an internal tool — it is a commercial product placed on the EU market. Internal tools developed by a company for their own use are not placed on the market. Your product is sold to external customers. It is a product with digital elements under Article 3(1).

WRAPPER = PRODUCT

"Our desktop app is just an Electron wrapper — the real product is the web app"

An Electron desktop application is software installed on the user's device. Regardless of its technical architecture, it is a product with digital elements placed on the EU market. The fact that it wraps web content does not exempt it from CRA scope.

MARKET SHIFT

"Enterprise customers care about SOC 2, not European-specific regulations"

European enterprise customers are adding CRA to their vendor requirements alongside SOC 2. As enforcement approaches, CRA documentation becomes as expected as SOC 2 for products placed on the EU market. SOC 2 covers organizational controls; CRA covers product cybersecurity documentation. Both expected.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Default classification for PM software.

2

Technical Documentation

Art. 31 + Annex VII: platform architecture, desktop/mobile apps, sync engine, file storage, and integration layer.

3

Risk Assessment

PM-specific: project data access, file sharing security, real-time communication integrity, integration credential management.

4

User Information

Annex II for workspace admins: access control, data retention, integration permissions, update policy.

5

Declaration of Conformity

Art. 28 + Annex V.

6

CVD Policy

Vulnerability disclosure for PM platforms.

7

Notification Template

ENISA template per Article 14. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

CRA milestones.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 SaaS COMPLIANCE CONSULTANT
€12,000–€25,000
8-14 weeks.
✓ CRACHECK
€149
€149. 15–25 min. 8 documents. Desktop, mobile, and cloud documented together.

Two layers

● LAYER 1

Documentation (CRACheck)

CRA documentation for your PM product: all platform components documented.

∅ LAYER 2

What CRACheck does NOT do

Does not test real-time sync security. Does not audit file sharing permissions. Does not verify Electron app sandboxing. Engineering tasks.

CRACheck documents. Engineering validates.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🔴
Essential requirements + manufacturer obligations (Art. 64(2))
€15,000,000 / 2.5%

Non-compliance with essential requirements or manufacturer obligations.

🟠
Documentation and conformity obligations (Art. 64(3))
€10,000,000 / 2%

Missing documentation or conformity assessment.

🟡
Misleading information (Art. 64(4))
€5,000,000 / 1%

Misleading information to authorities.

Alternatives

CriteriaSaaS compliance consultantGeneric CRA consultantInternal teamCRACheck
Time8-14 weeks8-16 weeks4-8 weeks15-25 minutes
Cost€12,000-€25,000€10,000-€20,000Staff hours€149
Multi-component coverageIf briefedPartiallyDependsYes
CRA outputCustomCustomInternal8 PDFs

Your productivity suite includes multiple products?

PM tool, docs platform, whiteboard app — each needs its own dossier. Volume: 10 at €99, 30 at €79.

Request Volume Pricing
Response within 24 business hours.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy is your responsibility.

We guarantee document structure and legal references are correct.

CRACheck is not legal advice.

Frequently asked questions

Our PM tool has an Electron desktop app. Does that trigger CRA?
Yes. An Electron application is software installed on the user's device — a product with digital elements under Article 3(1). The cloud platform behind it is remote data processing under Article 3(2). The Electron architecture (Chromium wrapper) does not change the legal classification.
We offer a free tier for small teams. Does CRA apply to the free version?
If the free tier is part of your commercial offering (gateway to paid plans), it is supplied in the course of commercial activity per Recital 18 of Regulation (EU) 2024/2847. CRA applies to both free and paid tiers.
Our platform integrates with Slack, GitHub, and Google Drive. Does that affect CRA?
Article 13(5) requires due diligence on third-party components. Document integrations in your technical documentation. Assess risks introduced by each integration: credential handling, data flow, and API security. You are not responsible for Slack's CRA compliance but are responsible for secure integration.
European teams store sensitive client data in our PM tool. Does data sensitivity affect CRA obligations?
CRA obligations are based on product characteristics, not data sensitivity. However, Annex I, Part I requires data confidentiality and integrity as essential cybersecurity requirements. Your risk assessment should address threats to the data your product handles.
We release updates weekly. How does that affect CRA documentation?
Routine updates (bug fixes, feature additions) do not typically require documentation updates. Substantial modifications per Article 22 — those affecting compliance with essential requirements — trigger reassessment. Your weekly release cadence is normal; document your update mechanism in the Annex II user information.
Is CRACheck a subscription?
No. One-time payment. 30 days of editing, 10 regenerations. The PDF is yours to keep.
Can I request a refund?
Per Article 16(m) of Directive (EU) 2011/83, activating the license constitutes express consent for immediate generation. Refunds only for reproducible technical failures.
What if the regulation changes?
Regenerate at no additional cost during your license period.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your EU enterprise client added CRA to the vendor assessment. Generate the documentation before the renewal deadline.

Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.

€149 one-time
8-document professional dossier · 15–25 minutes · No subscription · Browser-side
Generate CRA dossier — €149

Related landings

US SaaS

CRA Compliance for US SaaS Companies Selling to European Customers
CRM

CRA Requirements for US CRM Software Sold to Germany and France
ANALYTICS

CRA Compliance for US Analytics Platforms and Data Tools with European Clients
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history