We have no legal entity in the EU. Can we still comply?

Yes. The CRA does not require you to have an EU legal entity. However, Article 18 allows you to appoint an authorised representative in the EU by written mandate. This representative can hold your Declaration of Conformity and technical documentation for market surveillance authorities. Your EU importer separately carries obligations under Article 19.

Does the CRA apply to products we sell on Amazon EU or AliExpress to EU buyers?

Yes. Article 2(1) applies to products made available on the EU market. If a European consumer can purchase your product through any channel — marketplace, direct website, or through an importer — the CRA applies. The sales channel does not affect scope.

Our IP camera is sold as a home security device. Is that Annex III?

Annex III Class I item 17 lists "smart home products with security functionalities, including security cameras." An IP camera marketed as a home security device falls squarely within this category, meaning it is classified as Important Class I with corresponding conformity assessment requirements under Article 32.

What happens if our EU importer discovers we have no CRA documentation?

Article 19(3) prohibits importers from placing products on the EU market if they have reason to believe the manufacturer has not complied with the CRA. Your importer is legally required to refuse your shipment. This is not optional for them — it is a legal obligation.

Is this a subscription?

No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Under Article 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent for immediate digital content generation. Refunds only for reproducible technical failures.

What if the regulation is amended?

Regenerate at no additional cost during licence validity.

You manufacture connected electronics in Vietnam under your own brand and export them to the European Union through importers and online marketplaces. Regulation (EU) 2024/2847 applies to every product with digital elements placed on the EU market — regardless of where it was manufactured. As the manufacturer under Article 3(13), the technical documentation obligation is yours. CRACheck generates it.

Vietnam's electronics export sector has grown rapidly. If you manufacture IP cameras, smart plugs, LED controllers, routers, or any connected device under your brand and sell it into the EU, you are the manufacturer under the CRA. Article 13 assigns you the full set of obligations: cybersecurity risk assessment, technical documentation per Annex VII, EU Declaration of Conformity, vulnerability reporting to ENISA. Your EU importer must verify this documentation exists under Article 19 before placing your product on the market. Without it, your products stop at the border. CRACheck generates the 8-document dossier in 15–25 minutes. €149 per product. 100% browser-side — no data leaves your device.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

Art. 19

EU importer must verify your documentation before market placement

€15M

Maximum fine for non-compliance with Annex I (Art. 64(2))

15 min

Complete dossier generation time

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Classify your product

CRACheck checks whether your device is Default or Important under Annex III (IP cameras and security devices fall under Class I item 17; routers under item 12)

Enter product specifications

Hardware model, firmware version, connectivity protocols, data processing functions, user authentication

Map your cybersecurity implementation

Encryption, secure boot, OTA update mechanism, default credentials policy, data minimisation

Document vulnerability handling

How your team identifies, patches, and discloses vulnerabilities; your coordination process with ENISA

Set your support period

Minimum 5 years of security updates from market placement (Art. 13(8))

Generate the 8-document dossier

Aligned with Art. 31 + Annex VII, ready to provide to your EU importer

Attach to your export shipment documentation

Your EU importer verifies this file under Article 19 before customs clearance

Common mistakes

❌

ORIGIN IRRELEVANCE

"The CRA is a European regulation — it does not apply to Vietnamese companies"

Article 2(1) of Regulation (EU) 2024/2847 applies to products with digital elements made available on the EU market. The regulation does not distinguish by manufacturer location. If your product reaches an EU consumer or business, the CRA applies to you as the manufacturer under Article 3(13), regardless of your company being registered in Vietnam.

❌

MARKETPLACE SHIELD

"We sell through Amazon or online marketplaces — the platform handles compliance"

Marketplaces are not the manufacturer. Under the CRA, the manufacturer (Article 3(13)) is the entity that develops or manufactures the product and markets it under its name. If the product carries your brand, you are the manufacturer. The marketplace may have separate obligations as an online platform, but your documentation obligations under Article 13 and Article 31 remain yours.

❌

IMPORTER RELIANCE

"Our EU importer will create the technical documentation for us"

Article 19 assigns the importer a verification role — they must ensure that the manufacturer has carried out the conformity assessment and prepared technical documentation. Importers verify; they do not produce documentation on your behalf. If they cannot verify your documentation, they are prohibited from placing your product on the market under Article 19(3).

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Classifies your device against Annex III. IP cameras and smart home security devices are Class I (item 17). Routers and modems are Class I (item 12). Smart plugs without security functions may be Default. Classification determines your conformity assessment path.

Technical Documentation

Art. 31 + Annex VII dossier: product design, firmware architecture, connectivity, security measures, manufacturing quality controls. Structured for importer verification.

Risk Assessment

Annex I Part I cybersecurity risk analysis: remote access vulnerabilities, default credential exploitation, firmware update integrity, data privacy risks, physical tampering.

User Information

Annex II consumer documentation: initial setup guide, password change instructions, firmware update procedure, factory reset, support contact, end-of-support date.

Declaration of Conformity

Art. 28 + Annex V. Your EU importer needs this document as proof of your conformity assessment.

CVD Policy

Coordinated vulnerability disclosure: contact channel for security researchers, response timelines, patch distribution plan.

Notification Template

Art. 14 ENISA notification: 24h early warning, 72h notification, 14-day final report for actively exploited vulnerabilities.

Obligations Calendar

Art. 14 reporting from 11 September 2026, full enforcement 11 December 2027, product support period milestones.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 INTERNATIONAL COMPLIANCE CONSULTANCY

$10,000–$20,000

6–12 weeks. Requires sharing firmware and design with external party. Few consultants with CRA expertise operate in Vietnam. Repeat cost for each new product.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history