A smart meter gateway sits at the boundary between consumer energy infrastructure and the electricity grid. A compromised gateway can manipulate metering data, enable energy theft or, in extreme scenarios, affect grid load management. The CRA recognises this by placing smart meter gateways in Annex IV — the Critical product list. Certification requirements are the most stringent. CRACheck generates the Annex VII technical documentation that every certification process begins with. 8 PDF documents. 15-25 minutes. €149 per gateway model. Browser-side.
€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side
Critical classification. Maximum scrutiny. Start with the documentation.
Critical classification. Maximum scrutiny. Start with the documentation.
Annex IV point 2 does not require the gateway to be complex. It lists "smart meter gateways within smart metering systems." If your product functions as a gateway between smart meters and the energy management system, it is Critical. The function determines the classification, not the complexity.
No. Article 32.4 requires Critical products to demonstrate conformity using a European cybersecurity certification scheme or, where unavailable, the procedures of Art. 32.3 (which require a notified body). Module A is not available for Critical products.
National smart metering standards (BSI-PP in Germany, SMETS in UK) cover metering requirements. CRA covers cybersecurity requirements under a separate EU-wide framework. Meeting national metering standards does not satisfy CRA Annex I requirements or Annex VII documentation obligations.
Critical products face the most stringent CRA requirements. CRACheck generates the 8 documents that underpin the certification process.
Determines product category per Annex III. Defines conformity assessment route under Art. 32.
Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.
Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.
Information and instructions per Annex II. Security properties, support period, vulnerability reporting.
EU declaration of conformity per Art. 28 and Annex V.
Coordinated Vulnerability Disclosure policy per Annex I Part II.
Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.
Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated in your browser. No product data is transmitted to any server.
Generates the Annex VII technical documentation for your smart meter gateway. The documentation that the certification body or notified body will review first.
CRACheck does not perform the certification. For Critical products, certification under Art. 32.4 is mandatory. CRACheck generates the documentation input. The certification body issues the certificate.
We document. The certification body certifies.
Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.
Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.
Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.
Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.
Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.
| Alternative | Cost | What you get |
|---|---|---|
| Full certification consultancy | €50,000–€150,000 | 6-18 months. Complete. |
| Assume national standards cover CRA | €0 | National metering standards ≠ CRA cybersecurity. |
| Classify as Default to avoid certification | €0 | Incorrect. Annex IV.2 = Critical. Market surveillance will verify. |
| CRACheck + separate certification | €149 + cert fee | Documentation in 15 min. Certification on your timeline. |
DLMS/COSEM, OSGP, G3-PLC — each gateway model with different firmware needs its own CRA dossier. Volume pricing: €99/model (10-pack), €79/model (30-pack).
Request volume pricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.
CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.