Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your European client's contract includes a clause referencing Regulation (EU) 2024/2847. It requires you to deliver Annex VII technical documentation with the software. You are a developer, not a compliance officer. CRACheck translates Article 31 into a structured questionnaire and generates the 8 documents your client expects.

European contracts are being updated to include Cyber Resilience Act clauses. The typical clause reads: "The supplier shall deliver technical documentation in accordance with Annex VII of Regulation (EU) 2024/2847." For a 5-person development shop in India, parsing a 81-page EU regulation is not a realistic option. CRACheck converts the 8 sections of Annex VII into engineering questions you already know the answers to. Architecture? You designed it. Components? You chose them. Vulnerability process? You run it. 15–25 minutes. €149. 100% browser-side — your client's data stays on your machine.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side — your data never leaves your device

What the CRA clause in your contract means

81 pages
Length of Regulation (EU) 2024/2847. You do not need to read it. CRACheck maps it for you.
15–25 min
Time to complete the CRACheck questionnaire per product.
€149
Per product. Less than one day of your billing rate.

How to generate the documentation your contract requires

1
Read the CRA clause in your contract
Look for references to Regulation (EU) 2024/2847, Annex VII, technical documentation, SBOM, or vulnerability handling. CRACheck covers all of these.
2
Classify your product
Use the free CRACheck classifier. Most custom software is Default category (Art. 32(1)(a) — self-assessment Module A).
3
Complete the CRACheck questionnaire
15–25 minutes. Questions about architecture, components, security measures, update mechanism, vulnerability handling.
4
Download the 8-PDF ZIP
Structured under Art. 31 + Annex VII. Professional formatting. Ready to attach to the contract deliverables.
5
Send to your client
Attach the ZIP to your delivery. The documentation speaks for itself.

Three mistakes indie developers make with the CRA

COMMON MISTAKE

"I will ask the client what exactly they need"

Your client expects you to know. The clause references Regulation (EU) 2024/2847 and Annex VII. Those are the specifications. Asking the client to explain a regulation they have already cited signals that you are unfamiliar with EU compliance. CRACheck gives you the output format your client expects without revealing the learning curve.

COMMON MISTAKE

"A README and API docs should satisfy the contract clause"

API documentation describes how to use the software. Annex VII of Regulation (EU) 2024/2847 describes how the software was designed, developed, tested, and secured. Section 2(a) requires architecture diagrams. Section 2(b) requires an SBOM and CVD policy. Section 3 requires a cybersecurity risk assessment. These are compliance documents, not user documentation.

COMMON MISTAKE

"This regulation starts in 2027 — the contract clause is premature"

The regulation applies from 11 December 2027 (Art. 71(2)). But your client is preparing now because the technical documentation under Annex VII §2 must describe the design and development process — not just the final product. Clients who wait until December 2027 will not be able to retroactively document design decisions made in 2025 or 2026.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Classification under Annex III/IV. Most custom software for EU clients falls under Default category.

2

Technical Documentation

Full Annex VII. The document your contract clause requires.

3

Risk Assessment

Art. 13(2) cybersecurity risk assessment. Structured format — no compliance expertise needed.

4

User Information

Annex II. 9 information points for end-user documentation.

5

Declaration of Conformity

Art. 28 + Annex V. For your client to sign.

6

CVD Policy

Coordinated vulnerability disclosure policy (Annex I Part II §5).

7

Notification Template

Art. 14 ENISA notification template. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

Key dates: Sept 2026 (Art. 14), Dec 2027 (full).

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 EU REGULATORY LAWYER
€3,000–€8,000
4–8 weeks. Your margin on the contract disappears.
✓ CRACHECK
€149
8 documents. 15–25 minutes. Margin intact.

Two layers: what CRACheck does and does not do

● What CRACheck does

Converts Annex VII into engineering questions

Generates 8 PDF documents from your answers. 15–25 minutes. €149.

∅ What CRACheck does NOT do

Contract interpretation and conformity assessment

Does not interpret the specific CRA clause in your contract. Does not perform the conformity assessment (Art. 32). Does not advise on contractual liability.

We handle the documentation format. You provide the engineering knowledge.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🇪🇺
Non-compliance with Annex I + Art. 13, 14
€15M / 2.5%

Art. 64(2).

🇪🇺
Non-compliance with Art. 31 (technical documentation)
€10M / 2%

Art. 64(3).

🇪🇺
Incorrect or misleading information
€5M / 1%

Art. 64(4).

Alternatives

AlternativeCostWhat you get
EU regulatory lawyer€3,000–€8,000Documentation + legal advice. 4–8 weeks.
Parse the 81-page regulation yourselfFree + daysNo guarantee the output matches what your client expects.
Sign the contract without understanding the clause€0Contractual liability for documentation you cannot produce.
CRACheck€1498 documents. 15–25 minutes. Structured under Annex VII.

You develop multiple products for European clients?

Each CRACheck licence covers one product. If you deliver software for 5 or 10 European clients, each product needs its own Annex VII dossier. Contact us for volume pricing.

Request Volume Pricing
Response within one business day

What CRACheck guarantees and what it does not

CRACheck generates a structured document under Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy of the information is your responsibility as the developer providing engineering inputs.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee acceptance by a market surveillance authority or by your EU client in a specific contract.

CRACheck is not legal advice. For contract-specific situations, consult a qualified lawyer.

Frequently asked questions

What is Annex VII of Regulation (EU) 2024/2847?
Annex VII of Regulation (EU) 2024/2847 defines the 8 sections that technical documentation must contain for products with digital elements. It covers: general product description, design and development documentation (including SBOM and CVD policy), cybersecurity risk assessment, support period rationale, standards applied, test reports, EU declaration of conformity, and SBOM upon authority request. CRACheck structures all 8 sections from your engineering inputs.
I am a freelancer / 3-person studio. Does the CRA apply to me?
The CRA applies to products, not companies. If the software you develop is placed on the EU market by your client, your client must comply with Article 13. Article 13(5) requires them to exercise due diligence on your component. In practice, they pass that requirement to you via contract — regardless of your company size.
Do I need to read the entire regulation?
No. CRACheck translates the 8 sections of Annex VII into engineering questions. If you know your product's architecture, components, security measures, and update process, you can complete the questionnaire in 15–25 minutes.
Can I use CRACheck documentation across multiple clients?
No. Each product with digital elements requires its own Annex VII documentation. The documentation is product-specific, not company-specific. Different clients, different products, different licences.
Is it a subscription?
No. One-time payment. 30 days of editing, 10 regenerations. The PDF is yours to keep.
Can I request a refund?
Under Article 16(m) of Directive (EU) 2011/83, by activating the licence you consent to immediate digital content generation, waiving the 14-day withdrawal period. Refunds only for reproducible technical failures.
What if the regulation changes?
Regenerate with the updated generator version at no additional cost during your licence period.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your contract requires Annex VII documentation. Generate it in 15 minutes.

8 professional documents. Structured under Article 31 and Annex VII of Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.

€149 one-time
8 documents · 15–25 min · No subscription · 100% browser-side
Generate CRA dossier — €149

Related landings

🏢 Indian IT company

CRA compliance for Indian IT company — EU client
🚀 SaaS startup

CRA compliance for Indian SaaS startup selling to EU
📋 RFP clause

CRA clause in European RFP — Indian IT services
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history