The EU declaration of conformity under Annex V of the Cyber Resilience Act is not a marketing statement — it is a legal document. Article 28(2) states that the declaration shall be continuously updated and made available for at least 10 years or the support period, whichever is longer. Article 28(4) requires it to follow the structure in Annex V. For a US software company without a European regulatory affairs team, producing this document correctly — alongside the technical documentation under Article 31 that supports it — is a task CRACheck completes in 15-25 minutes for €149.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
CRA declarations of conformity follow Annex V of Regulation (EU) 2024/2847, which has specific content requirements distinct from declarations under the Machinery Directive, EMC Directive, or other CE marking frameworks. Using a template from another regulation will produce a non-compliant declaration. Annex V requires specific references to the CRA, the conformity assessment module used, and the essential cybersecurity requirements addressed.
Article 28(1) states that the manufacturer draws up the EU declaration of conformity. The declaration is signed by a person authorized to bind the manufacturer. An EU distributor is not the manufacturer. An authorized representative under Article 18 has specific mandate limitations per Article 18(2) and cannot take on manufacturer obligations under Article 13. The declaration signature comes from your company.
A declaration of conformity without supporting technical documentation is legally meaningless. Article 28(1) requires the declaration to state that the essential requirements have been fulfilled. Article 31 requires the manufacturer to draw up technical documentation demonstrating compliance. If a market surveillance authority requests proof, the technical documentation behind the declaration must exist. CRACheck generates both together.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Annex III classification determining the conformity assessment procedure referenced in the declaration.
Art. 31 + Annex VII. The substantive evidence behind the declaration. Without this, the declaration has no foundation.
Art. 13(2)-(3). Part of the technical documentation that supports the declaration's claim of compliance with Annex I essential requirements.
Annex II. Referenced in the declaration as part of the manufacturer's obligations.
Art. 28 + Annex V. The formal declaration itself: manufacturer identity, product identification, conformity procedure, applicable standards or essential requirements, and compliance statement. Pre-filled, ready for signature.
Annex I, Part II. Demonstrates vulnerability handling compliance referenced in the declaration's scope.
Art. 14. Supporting document for the vulnerability handling obligations claimed in the declaration. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Timeline for declaration maintenance: update triggers, 10-year retention requirement, support period alignment.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
Generates the declaration of conformity per Annex V alongside the complete supporting dossier: technical documentation, risk assessment, user information, vulnerability handling policy. The declaration and its foundation are produced as an integrated package.
Does not sign the declaration on your behalf — that requires your authorized signatory. Does not verify that your product actually meets the essential requirements — that is your engineering obligation. Does not serve as a notified body for products requiring third-party assessment.
CRACheck generates the document framework. You verify the substance and sign. Both steps are necessary.
Article 64 of Regulation (EU) 2024/2847.
Non-compliance with essential requirements or manufacturer obligations.
Specifically covers non-compliance with Article 28 (declaration of conformity).
Misleading information including inaccurate declarations.
| Criteria | Regulatory consultant | CE marking template adapted | DIY from Annex V | CRACheck |
|---|---|---|---|---|
| Time | 6-16 weeks | Quick but wrong format | Hours of legal reading | 15-25 minutes |
| Cost | €13,000-€28,000 | Low but non-compliant | Staff time | €149 |
| Includes supporting dossier | Varies (separate scope) | No | No | Yes — 8 documents |
| CRA-specific Annex V format | Yes | No (wrong regulation) | If done correctly | Yes |
Each product with digital elements needs its own declaration under Article 28. If your company sells 10 software products in the EU, you need 10 declarations with 10 supporting dossiers. Volume pricing: 10 products at €99, 30 at €79.
Request Volume PricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847, including a declaration of conformity per Article 28 and Annex V, from the information you provide. The accuracy of that information is your responsibility as the manufacturer.
We guarantee that the declaration structure follows Annex V and that the legal references cited are correct. We do not guarantee that a specific market surveillance authority will accept the declaration in a particular case.
CRACheck is not legal advice. For questions about signatory authority, authorized representative mandates, or declaration validity across jurisdictions, consult a qualified attorney.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.