We already have CE marking. Does CRA require a separate declaration?

Yes. The CRA Declaration of Conformity under Article 28 + Annex V is a separate document from your existing CE Declarations under the LVD, EMC, or RED. Your product will carry CE marking under multiple legal bases, each documented independently. CRACheck generates the CRA-specific Declaration.

Does the 5-year support period apply to all appliances?

Article 13(8) requires security updates for the expected product lifetime or at least 5 years from placing on the market, whichever is shorter. For long-lifecycle appliances (refrigerators, washing machines), the expected lifetime may exceed 5 years — assess accordingly.

Our appliance uses a third-party WiFi module. Who documents it?

You, as manufacturer of the final product, are responsible for the complete technical documentation under Article 31. Article 13(5) requires due diligence when integrating third-party components. Obtain cybersecurity documentation from your module supplier and integrate it into your own Annex VII dossier.

Can we appoint our Korean office as authorised representative?

No. Article 18 requires the authorised representative to be established within the EU. If you lack an EU legal entity, appoint a representative in an EU Member State. Your EU distributor is not automatically your authorised representative.

Is this a subscription?

No. One-time payment. 30 days of editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Under Article 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent for immediate digital content generation. Refunds only for reproducible technical failures.

What if the regulation is amended?

Regenerate with the updated CRACheck version at no additional cost during your licence period.

You manufacture smart appliances in Korea and export them to European distributors in Germany, France, and the Netherlands. Regulation (EU) 2024/2847 adds cybersecurity documentation requirements on top of your existing CE marking. Your distributor cannot fulfil their obligations under Article 20 without your technical file. CRACheck generates it.

Korean smart appliance manufacturers already navigate CE marking, RoHS, REACH, and energy labelling for EU market access. The Cyber Resilience Act adds a horizontal cybersecurity layer. Article 13 places the documentation obligation on the manufacturer. Article 20 requires your EU distributor to verify that you have complied. If your appliance connects to WiFi, runs firmware, or processes user data, Annex VII technical documentation is now part of the export package. CRACheck produces the 8-document dossier in 15–25 minutes. €149 per appliance model. Your product data never leaves your browser.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

Art. 20

EU distributor must verify your CRA documentation

11 Dec 2027

Connected appliances must comply by this date

15–25 min

Dossier generation time per appliance model

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Classify your appliance

CRACheck checks if it falls under Default or Annex III (smart home products with security functionalities are Class I, item 17)

Enter appliance specifications

Connectivity (WiFi, Bluetooth, Zigbee), firmware version, data processing, user authentication

Map cybersecurity features

Encryption at rest and in transit, secure OTA updates, factory reset behaviour, data minimisation

Document vulnerability handling

PSIRT process, firmware patch cycle, coordinated disclosure policy, notification procedures

Define your support period

The CRA requires security updates for the product's expected lifetime or at least 5 years (Art. 13(8))

Generate the 8-document dossier

Structured output aligned with Art. 31 + Annex VII, ready for your EU distribution partner

Attach to your export documentation

The CRA dossier sits alongside your existing CE technical file

Common mistakes

❌

CE COVERAGE ASSUMPTION

"Our CE marking already covers cybersecurity"

Existing CE marking under the Low Voltage Directive, EMC Directive, or Radio Equipment Directive does not include the cybersecurity requirements of Regulation (EU) 2024/2847. The CRA is a separate horizontal regulation with its own essential requirements (Annex I), conformity assessment procedures (Art. 32 + Annex VIII), and documentation obligations (Art. 31 + Annex VII). CE marking under the CRA is additional to your existing CE marking.

❌

DISTRIBUTOR DELEGATION

"Our EU distributor handles compliance on our behalf"

Article 20 requires distributors to verify that the manufacturer has complied — not to comply on the manufacturer's behalf. The technical documentation obligation under Articles 13 and 31 rests with you as manufacturer. Your distributor checks that it exists; they do not create it for you.

❌

SMART HOME CLASSIFICATION

"Our appliance is a simple household item, not a security product"

Annex III Class I item 17 lists "smart home products with security functionalities, including smart door locks, security cameras, baby monitoring systems and alarm systems." If your smart appliance has any security functionality — user authentication, encrypted communication, access control — it may qualify as Important Class I. Even without security functions, any connected appliance with firmware is a product with digital elements under Article 3(1).

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Determines if your smart appliance is Default or Important Class I under Annex III (item 17). Documents classification for your EU distributor.

Technical Documentation

Art. 31 + Annex VII dossier covering appliance design, firmware architecture, connectivity stack, security measures, production quality controls.

Risk Assessment

Annex I Part I analysis evaluating threats specific to connected home appliances: unauthorised access, firmware tampering, data exfiltration, physical attack vectors.

User Information

Annex II consumer-facing information: secure setup instructions, password change guidance, update procedures, data deletion (factory reset), support contact.

Declaration of Conformity

Art. 28 + Annex V. Complements existing Declarations for LVD, EMC, RED, and other applicable directives.

CVD Policy

Vulnerability disclosure framework specifying how consumers, researchers, and distributors can report security issues.

Notification Template

Art. 14 structure for ENISA notifications: 24h early warning, 72h notification, 14-day final report.

Obligations Calendar

Milestones: Art. 14 reporting from September 2026, full enforcement December 2027, stated support period per model.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 KOREAN COMPLIANCE CONSULTANCY WITH EU EXPERTISE

₩15M–₩35M (€10,000–€22,000)

6–10 weeks. Requires sharing product schematics and firmware. Separate engagement for each new model year.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history