CRA Robot Vacuum Smart Appliance China EU

Key numbers

Home data

Robot vacuums collect floor plans, movement patterns, camera images. Annex I requires data protection.

Default / Class I

Without camera = typically Default. With camera for home monitoring = may be Class I (Annex III.17).

€149

Per appliance model. CRA documentation covering WiFi, camera, LIDAR, cloud and companion app.

CRA documentation for a Chinese smart appliance manufacturer

Every smart appliance in a European home needs CRA documentation. Start with your best-seller.

Classify your product

Robot vacuum without camera: Default. Robot vacuum with camera that can monitor the home: may be Class I. Smart air purifier, coffee machine: Default if no security functionality. Use CRACheck classifier.

Map data collected

LIDAR floor maps, camera images, WiFi network name, usage patterns, scheduling data, companion app credentials, voice commands (if applicable).

Generate CRA dossier

Enter product specifications into CRACheck. 15-25 minutes per model.

Review data protection documentation

Annex I Part I point 1(c) requires confidentiality of stored, transmitted and processed data. Annex I Part I point 1(f) requires data minimisation. Document both.

Deliver to EU retailers and distributors

MediaMarkt, Amazon, Fnac and EU smart home distributors will require CRA documentation.

Every smart appliance in a European home needs CRA documentation. Start with your best-seller.

Smart appliance CRA mistakes

❌

ANNEX I, PART I, 1(f)

Our robot vacuum collects home data for mapping — that is its function, not a security issue

Annex I Part I point 1(f) of Regulation (EU) 2024/2847 requires products to minimise the processing of personal or other data to the minimum necessary for the intended purpose. Collecting a detailed 3D floor map, storing it in the cloud indefinitely and making it accessible via an API goes beyond the minimum necessary for vacuum navigation. Document your data minimisation approach.

❌

ANNEX III.17

Our vacuum has a camera but it is for obstacle avoidance — not security monitoring

The classification depends on how the product is marketed and what it can reasonably be used for. If your companion app allows the user to view the live camera feed remotely, the camera functions as home monitoring regardless of its primary purpose. Market surveillance authorities may classify it under Annex III point 17. Document conservatively.

❌

ART. 13.5

We use a third-party LIDAR module — their security is their problem

Article 13.5 requires due diligence on third-party components. If the LIDAR module processes spatial data and transmits it to your main processor, you must ensure the data pipeline is secure. The LIDAR vendor's security posture affects your product's cybersecurity. Document the integration.

What each CRACheck dossier contains: 8 documents

Smart appliances combine physical function with digital connectivity. CRACheck generates 8 documents covering the cybersecurity of the digital layer.

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for smart appliance CRA documentation

🧾 SMART HOME PRODUCT COMPLIANCE CONSULTANCY

€8,000–€18,000

Per product family. 3-6 months.

✓ CRACHECK

€149

8 documents. 15 min. Per appliance model.

Cybersecurity documentation vs. privacy assessment

● LAYER 1

What CRACheck does

Generates Annex VII documentation for your smart appliance. Covers WiFi, camera/LIDAR, cloud storage, companion app, OTA updates and data minimisation.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not perform GDPR Data Protection Impact Assessment, test your cloud API security or scan your companion app for vulnerabilities. CRA covers cybersecurity documentation. Privacy assessment is separate.

We document cybersecurity. You handle privacy assessment.

CRA penalty regime — Article 64 of Regulation (EU) 2024/2847

Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.

🇪🇺

Non-compliance with essential cybersecurity requirements (Annex I) and Art. 13/14 obligations

€15M / 2.5%

Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.

🇪🇺

Non-compliance with technical documentation (Art. 31), authorised representative (Art. 18), conformity assessment (Art. 32)

€10M / 2%

Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.

🇪🇺

Supply of incorrect, incomplete or misleading information to authorities

€5M / 1%

Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.

Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.

Alternatives

Alternative	Cost	What you get
Smart home consultancy	€8,000–€18,000	Per product family. 3-6 months.
Rely on existing CE (EMC/LVD)	€0	Does not cover Annex I cybersecurity requirements.
Assume GDPR compliance covers CRA	€0	GDPR covers data protection. CRA covers cybersecurity. Both required.
CRACheck	€149	8 docs. 15 min. Covers camera, LIDAR, cloud, app.

Your smart appliance catalogue spans multiple product categories?

Robot vacuum, smart purifier, connected oven — each model with different firmware or connectivity needs its own dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request volume pricing

Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Does a smart coffee machine need CRA documentation?

If it connects to WiFi or Bluetooth and has a companion app, it is a product with digital elements under Art. 2.1. It is typically Default (not in Annex III). Module A self-assessment applies. The documentation must cover the data connection, update mechanism and any data collected.

Does the CRA cover the voice assistant in my smart appliance?

If your appliance integrates a voice assistant (Alexa, Google, proprietary), the voice processing component is part of the product. Document the voice data flow: local processing vs. cloud, encryption, retention. Annex III point 16 lists "smart home general purpose virtual assistants" as Class I — if your appliance functions primarily as a virtual assistant, this classification may apply.

Can I reuse one CRA dossier for robot vacuum models that differ only in suction power?

If the models share identical firmware, WiFi module, camera/LIDAR system, companion app and cloud architecture, one dossier may cover all variants. If they differ in connectivity or digital features, separate documentation is required.

What support period for a robot vacuum?

Consumers use robot vacuums for 3-5 years. Art. 13.8 requires the support period to reflect expected use. 3-5 years of security updates is a reasonable declaration.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.

What if the regulation changes?

If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act — full text

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.