Turkish appliance manufacturers are deeply integrated into the EU market. The customs union covers industrial products under existing harmonisation directives. But the Cyber Resilience Act is a new regulation with new requirements. It adds cybersecurity documentation obligations — Annex VII technical file, Annex I essential requirements, Art. 14 vulnerability reporting — on top of your existing CE framework. Your EU importers and retailers will need to verify this documentation under Article 19 and Article 20 before placing your products on the market after 11 December 2027. CRACheck generates the 8-document dossier in 15–25 minutes. €149 per appliance model. All data stays in your browser.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
The customs union covers the free movement of industrial goods and alignment with certain EU harmonisation directives. Regulation (EU) 2024/2847 is a new regulation that Turkey has not yet transposed into domestic law. Even under the customs union, Turkish manufacturers placing products on the EU market must comply with all applicable EU product regulations. The CRA applies based on market placement, not manufacturer location.
CE marking under the Low Voltage Directive, EMC Directive, or Radio Equipment Directive addresses electrical safety, electromagnetic compatibility, and specific radio requirements. None of these covers the full scope of the CRA's cybersecurity essential requirements (Annex I), vulnerability handling obligations (Art. 14), or technical documentation structure (Annex VII). The CRA adds a separate, parallel layer.
Under Article 20, distributors must verify that the manufacturer has complied with CRA obligations — not create documentation on the manufacturer's behalf. Under Article 19, importers must ensure that the conformity assessment has been carried out and that technical documentation exists before placing the product on the market. Both are verification roles. The documentation obligation is yours as manufacturer under Article 13.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Classifies your connected appliance. Smart home products with security functionalities (Annex III Class I, item 17) include devices with smart locks, security cameras, or alarm functions. Determines your conformity assessment path.
Art. 31 + Annex VII dossier: appliance design, connectivity architecture, firmware management, security features, production quality controls.
Annex I Part I cybersecurity risk analysis for connected household appliances: remote access risks, data exposure, firmware tampering, physical interface attacks.
Annex II consumer documentation in the language required by the destination market: secure setup guide, password management, update instructions, factory reset procedure, support contact.
Art. 28 + Annex V. A separate CRA Declaration alongside your existing LVD, EMC, and RED Declarations.
How consumers and security researchers report vulnerabilities in your appliances. Response timelines and patch distribution process.
Art. 14 ENISA notification: 24h early warning, 72h notification, 14-day final report for actively exploited vulnerabilities.
CRA enforcement dates, your model-specific support period, firmware update milestones.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates the Art. 31 + Annex VII cybersecurity dossier that your EU importers and distributors will verify under Articles 19 and 20. It classifies your appliance, structures your security measures against Annex I, and produces 8 PDFs that sit alongside your existing CE technical file. This is the documentation layer that the CRA adds to your export requirements.
CRACheck does not implement encryption in your appliance's firmware, design your OTA update mechanism, or build authentication features. If your connected appliance does not yet meet the essential cybersecurity requirements of Annex I Part I, the engineering work must happen before the documentation can accurately reflect compliance.
Turkish manufacturers already integrated into EU supply chains need Layer 1 now. Your importers and retailers will start requesting CRA documentation well before the December 2027 deadline.
Article 64 of Regulation (EU) 2024/2847.
Annex I + Art. 13/14.
Art. 28, 31, 32.
Misleading information.
| Criterion | Turkish Compliance Firm | EU Compliance Firm | Internal Team | CRACheck |
|---|---|---|---|---|
| Time per model | 6–12 weeks | 8–16 weeks | 4–10 weeks | 15–25 minutes |
| Cost | €8,000–€15,000 | €12,000–€20,000 | Staff allocation | €149 |
| CRA expertise | Limited (new regulation) | Variable | Learning curve | Built-in Annex VII structure |
| Data sovereignty | Shared locally | Shared with EU firm | Internal | 100% browser-side |
Turkish manufacturers typically export multiple connected appliance models to Europe. Each model with distinct connectivity and firmware requires its own CRA dossier. Volume pricing: €99/model (pack 10), €79/model (pack 30).
Request Volume PricingCRACheck generates a structured document aligned with Article 31 and Annex VII of Regulation (EU) 2024/2847 based on the appliance data you provide. The accuracy of that data is your responsibility as manufacturer.
We guarantee the document structure follows Art. 31 + Annex VII and that all cited legal references are correct. We do not guarantee acceptance by an EU market surveillance authority or importer in a particular case.
CRACheck is not legal advice. For questions about the customs union's interaction with the CRA, Annex III classification, or the need for an EU authorised representative under Article 18, consult a regulatory attorney.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.