The CRA applies to gaming peripherals the same way it applies to any connected consumer product. Art. 2(1) covers any product with a direct or indirect data connection. A wireless controller with Bluetooth and firmware update capability qualifies. A gaming headset with companion software qualifies. A streaming capture card with network connectivity qualifies. Classification determines your conformity assessment route: gaming routers are Important Class I under Annex III item 12. Internet-connected toys with social interactive features — speaking, filming, location tracking — are Important Class I under Annex III item 18. Standard peripherals without security-specific functionality are Default, allowing internal control under Art. 32(1)(a). CRACheck generates the 8-document technical file. €149 per product. 15-25 minutes. Hardware specifications stay in your browser.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
The CRA does not exempt consumer electronics. Art. 2(1) of Regulation (EU) 2024/2847 covers any product with a data connection. A Bluetooth controller receives firmware updates, transmits input data, and connects to a network-capable console. That is a data connection. The CRA applies.
Annex III Class I item 12 of Regulation (EU) 2024/2847 explicitly lists "routers, modems intended for the connection to the internet, and switches." A gaming router marketed for low-latency connectivity is still a router. Important Class I classification means internal control alone (Module A) may not suffice if harmonised standards are not fully applied — Art. 32(2) may require EU-type examination.
Art. 13(8) requires the support period to reflect expected product use time. Art. 13(9) mandates free security updates throughout the support period. For gaming peripherals with a 3-5 year expected lifecycle, a 12-month firmware update window is insufficient and non-compliant.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Identifies category: Default (standard controllers, headsets), Important Class I (gaming routers per Annex III item 12, connected toys with social features per item 18).
Art. 31 and Annex VII documentation for gaming hardware: hardware architecture, firmware structure, wireless protocols, companion app interfaces.
Cybersecurity risk assessment covering consumer gaming attack vectors: Bluetooth vulnerabilities, firmware tampering, cloud account compromise, companion app data exposure.
Annex II information for consumers: secure pairing, firmware update process, data collection disclosure, vulnerability reporting contact, support period end date.
EU Declaration per Art. 28 and Annex V.
Coordinated vulnerability disclosure policy for gaming hardware research community.
ENISA notification template per Art. 14.
Key CRA dates mapped to gaming product release cycles: Art. 14 from September 2026, enforcement December 2027.
See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates the Art. 31 and Annex VII technical documentation specific to the Cyber Resilience Act. This covers cybersecurity requirements that RED (Directive 2014/53/EU) does not address: vulnerability handling processes, support period definition, SBOM, coordinated disclosure policy, ENISA notification template.
CRACheck does not perform RED testing (radio, EMC, safety). It does not conduct hardware security analysis or penetration testing on Bluetooth/Wi-Fi stacks. It does not manage your firmware update delivery infrastructure. It does not replace notified body assessment if your product is Important Class I and you have not applied harmonised standards.
RED covers the radio. The CRA covers the cybersecurity. CRACheck documents the CRA layer.
If an actively exploited vulnerability is found in your controller firmware or gaming router, the 24h ENISA early warning applies.
Gaming peripherals placed on the EU market must carry CRA-compliant CE marking and Art. 31 documentation.
For gaming peripheral manufacturers non-compliant with Art. 13 or Annex I.
| Criterio | CE consultancy (RED focus) | DIY compliance | Ignore CRA | CRACheck |
|---|---|---|---|---|
| Price | €5K-15K | Staff time | €0 | €149 per product |
| CRA-specific coverage | Minimal | Uncertain | None | 8 Art. 31 documents |
| Vulnerability handling documented | No | Possibly | No | Yes — CVD + ENISA template |
| Data stays with you | Hardware shared with lab | Internal | N/A | 100% browser-side |
| CRACheck | €149 | Yes | CVD+ENISA | Browser-side |
Pack 10: €99 per product. Pack 30: €79 per product. For gaming hardware manufacturers with broad EU product lines, contact us.
Request volume pricingCRACheck generates a structured document set according to Art. 31 and Annex VII of Regulation (EU) 2024/2847 based on the information you provide about your gaming peripheral. The accuracy of hardware specifications, firmware architecture and connectivity data is your responsibility as manufacturer.
We guarantee that the document structure follows Art. 31 and Annex VII and that the legal references cited are correct. We do not guarantee acceptance by a specific market surveillance authority or marketplace compliance review.
CRACheck is not legal advice. For product classification under Annex III and the interaction between CRA and RED, consult a qualified product compliance engineer or lawyer.
Product classifier, technical documentation, risk assessment, declaration of conformity, CVD policy, ENISA template. Eight documents per peripheral. €149. Browser-side.