Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You manufacture WiFi, Zigbee and Bluetooth modules in Shenzhen and sell them to OEM customers worldwide. Article 3(1) of Regulation (EU) 2024/2847 defines a product with digital elements as including "software or hardware components being placed on the market separately." If your module is sold as a standalone component on the EU market, it is a product with digital elements. It needs Annex VII documentation. CRACheck generates it.

The CRA draws a clear line: components placed on the market separately are products with digital elements and must comply independently. If your ESP32-based WiFi module is sold on Mouser, Farnell or directly to EU OEMs as a standalone part, Article 3(1) applies. The module needs its own technical documentation under Annex VII. Your OEM customers will also ask for documentation to fulfil their Art. 13.5 due diligence obligation on third-party components. CRACheck generates 8 PDF documents per module. 15-25 minutes. €149 per module model. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Art. 3(1)
Components placed on the market separately are products with digital elements. CRA applies.
Annex III.13-15
Microprocessors, microcontrollers, ASICs and FPGAs with security-related functionalities = Class I.
€149
Per module model. Documentation for the module as a standalone product.

CRA documentation for a Chinese wireless module manufacturer

Your OEM customer's CRA compliance starts with your module's documentation. Provide it before they ask.

1
Determine if your module is placed on the market separately
Sold on Mouser, Farnell, LCSC, directly to OEMs as a standalone SKU? Then it is a product with digital elements under Art. 3(1).
2
Classify the module
WiFi/BLE/Zigbee module without security-related functionality: Default. Module with cryptographic functions, secure boot, secure element: may be Class I under Annex III points 13-15.
3
Generate CRA dossier
Enter your module's specifications: radio interface, firmware, SDK, protocol stack, security features, OTA capability. 15-25 minutes.
4
Provide to OEM customers
Your OEM customers need your module's CRA documentation to fulfil their Art. 13.5 due diligence. Delivering it proactively is a competitive advantage.
5
Maintain with firmware updates
When you release a new SDK version or firmware update, regenerate the documentation. Art. 31.2 requires continuous updates.

Your OEM customer's CRA compliance starts with your module's documentation. Provide it before they ask.

Wireless module CRA mistakes

ART. 3(1)

We sell a component, not a finished product — CRA does not apply

Article 3(1) of Regulation (EU) 2024/2847 explicitly includes "hardware components being placed on the market separately" in the definition of product with digital elements. If your WiFi module is sold as a standalone component, it is a product with digital elements. The CRA does not distinguish between finished products and components placed on the market separately.

ANNEX III.14

Our module is a simple radio transceiver — not a security device

Annex III points 13-15 list microprocessors, microcontrollers, ASICs and FPGAs "with security-related functionalities" as Class I. If your module integrates secure boot, hardware encryption, secure key storage or a trusted execution environment, it has security-related functionalities. A module with an ESP32's flash encryption or secure boot feature may fall under this classification.

ART. 13.5

Our OEM customers handle compliance — they integrate our module into their product

When your module is integrated into an end product and not sold separately, the end-product manufacturer has the CRA obligation. But Art. 13.5 requires them to exercise due diligence on third-party components — your module. They will request your module's cybersecurity documentation. If you also sell the module separately on the market, it needs its own Annex VII documentation.

What each CRACheck dossier contains: 8 documents

Wireless modules are the building blocks of IoT products. CRACheck generates 8 documents covering the module as a standalone product with digital elements.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for module CRA documentation

🧾 COMPONENT CERTIFICATION CONSULTANCY
€8,000–€20,000
Per module platform. 3-6 months. Includes radio + cybersecurity.
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history