Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Annex IV point 2 of Regulation (EU) 2024/2847 classifies "smart meter gateways within smart metering systems" as Critical products — the highest classification tier. Article 32.4 requires certification under a European cybersecurity certification scheme or, where unavailable, the conformity assessment procedures of Article 32.3. Your smart meter gateway documentation is the foundation of the certification process. CRACheck generates it.

A smart meter gateway sits at the boundary between consumer energy infrastructure and the electricity grid. A compromised gateway can manipulate metering data, enable energy theft or, in extreme scenarios, affect grid load management. The CRA recognises this by placing smart meter gateways in Annex IV — the Critical product list. Certification requirements are the most stringent. CRACheck generates the Annex VII technical documentation that every certification process begins with. 8 PDF documents. 15-25 minutes. €149 per gateway model. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Critical
Annex IV point 2. Smart meter gateways. Highest CRA classification.
Art. 32.4
Certification required. European cybersecurity certification scheme or Art. 32.3 procedures.
€149
Annex VII documentation — the input to the certification process.

CRA certification path for a smart meter gateway manufacturer

Critical classification. Maximum scrutiny. Start with the documentation.

1
Confirm Critical classification
Annex IV point 2: smart meter gateways. No ambiguity.
2
Determine certification route
Art. 32.4: if a European cybersecurity certification scheme under Regulation (EU) 2019/881 is available, use it. If not, fall back to Art. 32.3 procedures (Module B+C or Module H by notified body).
3
Generate Annex VII documentation
CRACheck produces the 8-document foundation. 15-25 minutes.
4
Submit to certification body or notified body
The documentation is the starting point. The assessment body reviews, audits and certifies.
5
Deliver to EU energy utility customers
Utilities require both CRA certification and technical documentation in procurement.

Critical classification. Maximum scrutiny. Start with the documentation.

Smart meter gateway CRA mistakes

ANNEX IV

Our gateway is a simple metering communication device — not critical

Annex IV point 2 does not require the gateway to be complex. It lists "smart meter gateways within smart metering systems." If your product functions as a gateway between smart meters and the energy management system, it is Critical. The function determines the classification, not the complexity.

ART. 32.4

Module A self-assessment is available for Critical products

No. Article 32.4 requires Critical products to demonstrate conformity using a European cybersecurity certification scheme or, where unavailable, the procedures of Art. 32.3 (which require a notified body). Module A is not available for Critical products.

ENERGY REGULATION

Our gateway already meets national smart metering standards

National smart metering standards (BSI-PP in Germany, SMETS in UK) cover metering requirements. CRA covers cybersecurity requirements under a separate EU-wide framework. Meeting national metering standards does not satisfy CRA Annex I requirements or Annex VII documentation obligations.

What each CRACheck dossier contains: 8 documents

Critical products face the most stringent CRA requirements. CRACheck generates the 8 documents that underpin the certification process.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for gateway CRA documentation

🧾 SMART METER GATEWAY CERTIFICATION CONSULTANCY
€50,000–€150,000
Certification + documentation + testing. 6-18 months.
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history