What must a distributor verify under the CRA?

Article 20(1) of Regulation (EU) 2024/2847 requires distributors, before making a product available on the market, to verify that: the product bears the CE marking per Art. 30, the manufacturer has complied with Art. 13(15)–(16) and (19)–(21) on identification and user information, and the importer (where applicable) has complied with Art. 19(4) on importer identification. The distributor's verification is less deep than the importer's but still mandatory.

What is the difference between an importer and a distributor?

Article 3(18) defines an importer as any entity established in the EU that places a product from a third country on the EU market. Article 3(19) defines a distributor as any entity in the supply chain, other than the manufacturer or importer, that makes a product available on the market. The key difference: the importer is the first entity to place the product on the EU market from outside the EU. The distributor makes it available further down the chain.

When does a distributor become a manufacturer?

Article 20(5) of Regulation (EU) 2024/2847 states that a distributor who places a product on the market under its own name or trademark, or who makes a substantial modification to a product already placed on the market, is considered a manufacturer under Art. 13 and bears all manufacturer obligations. This mirrors the importer provision in Art. 19(9).

Must a distributor report non-compliance to authorities?

Yes. Article 20(3) requires that when a distributor has reason to believe that a product is not in conformity with Art. 13(1) — the essential cybersecurity requirements — the distributor shall not make the product available until it has been brought into conformity. If the product presents a significant cybersecurity risk, the distributor shall inform the manufacturer and the market surveillance authorities.

Is this a subscription?

No. One-time payment. The licence includes a 30-day editing window and 10 regenerations. The downloaded PDF is yours permanently.

Can I request a refund?

Article 16(m) of Directive (EU) 2011/83 applies. Upon licence activation, you give express consent for immediate generation of the digital content, waiving the 14-day withdrawal right. Refunds are accepted only for a reproducible technical defect.

What if the regulation changes?

If the regulation is amended during your licence validity period, you can regenerate the documentation using the updated version of the generator at no additional cost.

You distribute products with digital elements in the EU. Article 20 of Regulation (EU) 2024/2847 requires you to verify — before making the product available on the market — that the CE marking is affixed, the manufacturer and importer identification is present, and the user information per Annex II accompanies the product. If you rebrand it, you become the manufacturer. CRACheck documents your obligations.

Distributors have lighter obligations than manufacturers and importers, but they are not exempt. Art. 20(1) requires verification of CE marking, manufacturer/importer identification, and user information. Art. 20(2) requires that storage and transport conditions do not compromise compliance. Art. 20(3) requires distributors to withhold products they believe are non-compliant and to inform the manufacturer and authorities if the product presents a significant cybersecurity risk. Art. 20(5) triggers full manufacturer obligations if you rebrand or substantially modify the product. CRACheck generates the documentation covering all distributor obligations — or, if Art. 20(5) applies, the full manufacturer package. 15–25 minutes. €149.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Distributor obligations at a glance

Art. 20

Distributor obligations under the CRA

3 checks

CE marking, identification, user information

Art. 20(5)

Rebranding triggers manufacturer status

What the distributor must do

Verify CE marking

Art. 20(1): before making the product available on the market, verify that the product bears the CE marking per Art. 30. Visual inspection of the product, packaging, or accompanying documentation.

Verify manufacturer and importer identification

Art. 20(1): verify that the manufacturer has complied with Art. 13(15)–(16) (product identification, manufacturer name and contact) and the importer with Art. 19(4) (importer name and address).

Verify user information

Art. 20(1): verify that the manufacturer has complied with Art. 13(19)–(21) — the product is accompanied by user information per Annex II, the support period end date is displayed.

Ensure proper storage and transport

Art. 20(2): ensure that storage and transport conditions under the distributor's responsibility do not jeopardise the product's compliance with Annex I essential requirements.

Withhold non-compliant products

Art. 20(3): if the distributor has reason to believe the product does not conform to Art. 13(1), do not make it available until brought into conformity. Inform the manufacturer and, if significant risk exists, the market surveillance authorities.

Assess Art. 20(5) applicability

If you place the product under your own name or trademark, or make a substantial modification, you become the manufacturer under Art. 13. Run CRACheck to determine whether your situation triggers Art. 20(5).

Run CRACheck

CRACheck generates the documentation: as a pure distributor, the verification checklist and obligations calendar; if Art. 20(5) applies, the full 8-document manufacturer package per Art. 13.

Three mistakes distributors make

❌

NO DUE DILIGENCE

Distributing products without checking for CE marking or user information

Art. 20(1) is a mandatory pre-distribution check. A distributor who makes products available without verifying CE marking, manufacturer identification, or Annex II user information is liable under Art. 64(3). "We trusted the manufacturer" does not satisfy the verification requirement.

❌

SILENT NON-COMPLIANCE

Discovering a compliance issue and continuing to distribute without reporting

Art. 20(3) requires distributors to withhold non-compliant products and, if they present a significant cybersecurity risk, to inform the manufacturer and market surveillance authorities. Continuing to distribute after discovering non-compliance compounds the distributor's liability.

❌

UNAWARE REBRANDING

Adding your brand to the product without realising you become the manufacturer

Art. 20(5) is clear: placing the product under your own name or trademark makes you the manufacturer under Art. 13. This applies even if you change nothing but the label. A distributor who rebrands without preparing Art. 13 documentation — risk assessment, Annex VII file, CVD policy — is a non-compliant manufacturer.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Category per Annex III/IV. Confirms the product classification and the conformity assessment module the manufacturer should have used.

Technical Documentation

Annex VII. For pure distributors: documents the verification checklist. If Art. 20(5) applies: full Annex VII file as manufacturer.

Risk Assessment

Per Art. 13(2)–(3). Required only if Art. 20(5) applies. Pure distributors verify the manufacturer's compliance with Art. 13(1).

User Information

Per Annex II. Art. 20(1) requires distributors to verify this accompanies the product. Art. 20(2) requires storage conditions that do not compromise compliance.

Declaration of Conformity

Per Art. 28 and Annex V. Distributors verify the manufacturer's declaration exists.

CVD Policy

Per Annex I, Part II, point (5). Required if Art. 20(5) applies. Pure distributors forward vulnerability reports to the manufacturer.

Notification Template

Per Art. 14. Art. 20(3) requires distributors to inform the manufacturer and authorities of non-compliance presenting significant cybersecurity risk. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Maps distributor-specific deadlines: pre-distribution verification, Art. 20(3) notification triggers, Art. 20(4) cooperation with authorities.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 THE ALTERNATIVE

Engaging a regulatory consultant to map your distributor obligations under Art. 20, assess whether Art. 20(5) applies, and produce due diligence documentation.

€5,000–€12,000

3–6 weeks. Per product line.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history