Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Annex III point 12 of Regulation (EU) 2024/2847 lists "routers, modems intended for the connection to the internet, and switches" as Important Class I products. Your router is not a Default product. If harmonised standards are not fully applied, Article 32.2 requires conformity assessment by a notified body. CRACheck generates the technical documentation under Annex VII that the notified body will review.

Your router already carries CE marking under RED 2014/53/EU for radio and EMC. From 11 December 2027, it must also comply with the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847. Routers are explicitly Class I — no classification doubt. The technical documentation obligation under Article 31 is separate from your RED technical file. European ISPs and distributors that carry your routers are adding CRA clauses to procurement contracts. CRACheck generates 8 PDF documents structured per Annex VII. 15-25 minutes. €149. 100% browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Annex III.12
Routers, modems and switches explicitly listed as Important Class I products.
Art. 13.8
Support period obligation. Manufacturer must provide security updates for a defined period.
€149
Documentation per router model. 15 minutes. Compare with months of consultancy.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

1
Confirm classification
Annex III point 12. Routers = Class I. No ambiguity.
2
Map cybersecurity properties
Firmware update mechanism (OTA, manual), default credentials policy, network segmentation, encryption protocols, vulnerability disclosure channel.
3
Generate Annex VII documentation
CRACheck structures the 8 documents from your router's specifications. 15-25 minutes.
4
Engage notified body
If harmonised standards are not fully applied, submit documentation for Module B+C or Module H assessment under Art. 32.2.
5
Update Declaration of Conformity
Add Regulation (EU) 2024/2847 alongside RED.
6
Deliver to EU customers
ISPs, distributors and marketplace operators receive the updated documentation package.

Common mistakes

ART. 13.6

"Our routers ship with admin/admin default credentials — we tell users to change them"

Annex I Part I point 1(d) of Regulation (EU) 2024/2847 requires products to be delivered with secure default configuration. Recital 57 specifies that products should not be made available with known exploitable vulnerabilities, including default passwords that are common or easily guessable. If your router ships with universal default credentials, it fails Annex I requirements.

ANNEX I, PART II

"We handle firmware updates — vulnerability handling is covered"

Annex I Part II requires a documented vulnerability handling process: identify, document, address and remediate vulnerabilities without delay. This includes provision of security updates, SBOM, coordinated vulnerability disclosure policy and a contact address for reporting. A firmware update mechanism is one component. The CRA requires the full process to be documented.

ART. 13.8

"Our router model has a 2-year warranty — that covers the support period"

Article 13.8 requires the manufacturer to determine a support period that reflects the expected time of use. For routers, users expect 5-7 years. A 2-year warranty covers hardware defects. The CRA support period covers security updates and vulnerability handling. They are different obligations.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Confirms Class I classification per Annex III point 12. No ambiguity for routers.

2

Technical Documentation

Art. 31 + Annex VII. Covers network interface documentation, encryption, default configuration, firmware update architecture.

3

Risk Assessment

Art. 13.2-13.3. Includes network exposure, unauthorized access, traffic interception scenarios.

4

User Information

Annex II. Secure configuration, admin credential change, firmware update instructions.

5

Declaration of Conformity

Art. 28 + Annex V. References CRA alongside RED.

6

CVD Policy

Coordinated Vulnerability Disclosure — critical for routers given high exposure.

7

Notification Template

Art. 14 ENISA notification. Pre-structured for the 24h/72h/14d timeline.

8

Obligations Calendar

CRA dates mapped to your router product lifecycle.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 EUROPEAN ROUTER CERTIFICATION CONSULTANCY
€12,000–€30,000
Per model. Includes security testing and documentation. 4-8 months.
✓ CRACHECK
€149
8 documents. 15 min. Documentation only — you handle testing separately. Pack 10: €99/product. Pack 30: €79/product.

Two layers

● LAYER 1

What CRACheck does

Generates the Annex VII documentation for your router. Covers firmware architecture, update mechanism, vulnerability handling, SBOM and risk assessment. The documentation a notified body reviews.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not perform penetration testing, firmware binary analysis or network security scanning. If your router has unpatched CVEs, the documentation will not mask them. Fix first, document second.

We document. You secure the firmware.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🔴
Non-compliance with Annex I + Art. 13/14 (Art. 64(2))
€15,000,000 / 2.5%

Art. 64.2.

🟠
Non-compliance with Art. 31, Art. 28, Art. 32 (Art. 64(3))
€10,000,000 / 2%

Art. 64.3.

🟡
Incorrect or misleading information (Art. 64(4))
€5,000,000 / 1%

Art. 64.4.

Alternatives

CriterionRouter certification consultancyRely on RED certification aloneSelf-assess under Module A (incorrect for Class I)CRACheck
Cost€12,000–€30,000€0€0€149
ResultTesting + docs. 4-8 months.RED does not cover CRA Annex I.Non-compliant without harmonised standards.8 docs. 15 min. Class I documentation for notified body review.

Your router portfolio includes multiple models?

Consumer router, mesh node, LTE gateway, enterprise switch — each model needs its own Annex VII dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request Volume Pricing
Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Are mesh WiFi nodes separate products or part of the router?
If each mesh node has its own firmware, own model number and is sold separately, each is a separate product and needs its own documentation. If the mesh system is sold as a single product (one SKU, one firmware), a single dossier may cover the system.
Does the CRA apply to LTE/5G routers with SIM slots?
Yes. Any product with digital elements placed on the EU market falls under Art. 2.1. Routers are Class I under Annex III point 12 regardless of the connectivity technology.
What support period is expected for routers?
Art. 13.8 requires the manufacturer to determine the support period reflecting expected time of use. Recital 59 references 5 years as a default. For routers, ISPs and consumers expect 5+ years.
Must we provide automatic firmware updates?
Annex I Part II point 8 requires security updates to be provided without delay and, where applicable, through automatic updates with a user opt-out. For routers, users expect automatic security updates.
Is this a subscription?
No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.
Can I request a refund?
Pursuant to Art. 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent. Refunds only for reproducible technical failures.
What if the regulation changes?
Regenerate at no additional cost during licence validity.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your router is Class I. Annex VII documentation is not optional. Generate it — 15 minutes, €149.

Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.

€149 one-time
8-document professional dossier · 15–25 minutes · No subscription · Browser-side
Generate CRA dossier — €149

Related landings

WiFi MODULE

CRA requirements Zigbee Bluetooth WiFi module manufacturer China
SMART PLUG

CRA compliance WiFi smart plug China seller Amazon Germany
NAS

CRA compliance NAS storage device manufacturer China EU
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history