Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You develop Shopify plugins or WooCommerce extensions in India and sell them to European merchants. Article 3(1) of Regulation (EU) 2024/2847 defines "product with digital elements" as including software components placed on the market separately. If you market your plugin under your name, you may be the manufacturer. If the merchant integrates it, Article 13(5) applies to them — and they will ask you for documentation. CRACheck generates it.

The Shopify and WooCommerce ecosystem has thousands of Indian developers building plugins for European merchants. Until now, publishing a plugin meant writing code, testing it, and listing it. Regulation (EU) 2024/2847 introduces a new layer: if a plugin is a "product with digital elements" placed on the EU market, the manufacturer obligations under Article 13 apply. Whether that manufacturer is you (if you sell the plugin directly) or your merchant client (if they integrate it into their store) — someone needs the Annex VII documentation. CRACheck generates 8 PDFs in 15–25 minutes. €149 per plugin. 100% browser-side.

Generate Annex VII dossier — €149Free: check if your product is in scope

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side — your data never leaves your device

Key numbers

Art. 3(1)
Software components placed on the market separately = product with digital elements.
15–25 min
Per plugin. Faster than writing a readme.
€149
Per plugin. Less than the revenue from 10 licence sales.

How it works

1
Determine if the CRA applies to your plugin
Art. 2(1): products with digital elements with a data connection. Most Shopify/WooCommerce plugins that process data, handle payments, manage users, or connect to external APIs are in scope. Pure cosmetic themes with no data connection may be out of scope.
2
Classify the plugin
Use the free CRACheck classifier. Most ecommerce plugins are Default category. Plugins with payment processing or identity management may be Important Class I (Annex III §1).
3
Complete CRACheck
15–25 minutes. Questions about architecture, dependencies (third-party APIs, libraries), security measures, update distribution, vulnerability handling.
4
Download the 8-PDF dossier
Structured under Annex VII. Ready to share with the merchant, marketplace, or App Store review.
5
Publish with confidence
Include the Annex VII reference in your plugin listing. European merchants prefer plugins from developers who can demonstrate CRA readiness.

Three mistakes to avoid

COMMON MISTAKE

"Shopify handles compliance — I just build the plugin"

Shopify is a platform provider and, for its own products, a manufacturer. But your plugin is your product. If you market it under your name on the Shopify App Store, you are the manufacturer under Article 3(1) of Regulation (EU) 2024/2847. Shopify does not assume your CRA obligations. Shopify's terms will likely require you to comply independently.

COMMON MISTAKE

"My plugin is too small to be regulated"

Regulation (EU) 2024/2847 does not include a minimum size, revenue, or user count threshold. Article 2(1) applies to any product with digital elements with a data connection on the EU market. A plugin with 50 European users and a plugin with 50,000 European users have the same documentation obligation. The enforcement risk differs, but the legal obligation is identical.

COMMON MISTAKE

"WooCommerce is open source — open source is exempt from the CRA"

Article 3(37) of Regulation (EU) 2024/2847 defines "free and open-source software" as software distributed under a licence that provides access to source code. However, Recital 18 clarifies that the exemption applies only when the software is not supplied in the course of a commercial activity. If you sell your WooCommerce plugin — even under an open-source licence — the commercial activity brings it into scope.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Plugin classification under Annex III/IV. Payment-related plugins may be Important Class I.

2

Technical Documentation

Annex VII for the plugin: architecture, API integrations, data flows, third-party dependencies.

3

Risk Assessment

Art. 13(2) risk assessment for the plugin's specific threat surface: XSS, injection, data leakage, API key exposure.

4

User Information

Annex II. Plugin installation instructions, security configuration, support period, vulnerability reporting contact.

5

Declaration of Conformity

Art. 28 + Annex V.

6

CVD Policy

Annex I Part II §5. Vulnerability disclosure for the plugin.

7

Notification Template

Art. 14 ENISA notification. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

Enforcement dates.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 EU REGULATORY CONSULTANT FOR A PLUGIN
€3,000–€6,000
4–8 weeks. More than the plugin earns in a year.
✓ CRACHECK
€149
8 documents. 15–25 minutes. Per plugin.

Two layers of responsibility

● WHAT CRACHECK DOES

Documentation generation

Generates Annex VII documentation for your plugin. 8 PDFs. 15–25 minutes. €149. Proof of CRA readiness for merchants and marketplaces.

∅ WHAT CRACHECK DOES NOT DO

What falls outside CRACheck

Does not determine whether your specific plugin is in scope (consult a lawyer for borderline cases). Does not review your plugin's code for vulnerabilities. Does not interact with Shopify or WooCommerce approval processes.

We document. You ship.

Enforcement regime

Article 64 of Regulation (EU) 2024/2847.

🇪🇺
Non-compliance with Annex I + Art. 13, 14
€15M / 2.5%

Art. 64(2).

🇪🇺
Missing technical documentation (Art. 31)
€10M / 2%

Art. 64(3).

🇪🇺
Incorrect information
€5M / 1%

Art. 64(4).

Alternatives

AlternativeCostWhat you get
EU regulatory consultant€3,000–€6,000Full review per plugin. 4–8 weeks.
Write documentation yourself from the regulation textFree + daysNo guarantee the format matches Annex VII.
Remove European users from your plugin listing€0Lose the EU market. Revenue drops.
CRACheck€1498 documents. 15–25 min. Annex VII structured.

You maintain multiple plugins on Shopify or WooCommerce?

Each plugin needs its own Annex VII documentation. If you maintain 5, 10 or 20 plugins for the EU market, contact us for developer volume pricing.

Request Volume Pricing
One-business-day response

What CRACheck guarantees and what it does not

CRACheck generates a structured document under Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy is your responsibility as the plugin developer.

We guarantee the structure follows Annex VII and the legal references are correct. We do not guarantee acceptance by Shopify, WooCommerce, or a market surveillance authority.

CRACheck is not legal advice. For borderline cases — such as whether a purely cosmetic theme requires CRA documentation — consult a qualified lawyer.

Frequently asked questions

Are Shopify plugins "products with digital elements" under the CRA?
Article 3(1) of Regulation (EU) 2024/2847 defines "product with digital elements" as including software components placed on the market separately. A Shopify plugin marketed and sold through the App Store is placed on the market separately. If it has a data connection — processes data, connects to APIs, handles user information — it meets the Article 2(1) criteria.
Is open-source WooCommerce different from proprietary Shopify plugins?
Not for CRA purposes if you sell the plugin commercially. Recital 18 of Regulation (EU) 2024/2847 clarifies that the open-source exemption applies only to software not supplied in the course of a commercial activity. If you sell, offer paid support, or monetise the plugin in any way, it is a commercial activity and the CRA applies.
My plugin has very few EU users. Does scale matter?
Regulation (EU) 2024/2847 does not include user count thresholds. The obligations apply to any product with digital elements on the EU market. Enforcement resources may focus on larger products, but the legal obligation exists regardless of scale.
Will Shopify or WooCommerce enforce CRA compliance on their marketplace?
Regulation (EU) 2024/2847 does not directly regulate platform marketplaces for third-party plugins. However, Article 20 (distributor obligations) and marketplace liability trends in EU law suggest that Shopify and WooCommerce will add CRA compliance requirements to their developer agreements before December 2027.
Is it a subscription?
No. One-time payment. 30 days editing, 10 regenerations. PDF is yours.
Can I request a refund?
Art. 16(m) Directive (EU) 2011/83. Activation = express consent. No 14-day withdrawal. Refunds only for reproducible technical failures.
What if the regulation changes?
Regenerate at no additional cost during your licence period.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your plugin reaches EU merchants. The documentation obligation applies. Generate it in 15 minutes.

Eight documents. Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.

€149 one-time
8 documents · 15–25 min · Per plugin · 100% browser-side
Generate Annex VII dossier — €149

Related landings

📄 Contract

CRA documentation Indian developer — EU contract clause
💳 Fintech

CRA compliance payment gateway fintech developer India
🏷️ White label

CRA white label software Indian company — EU brand
✓ Last regulatory check: 28 April 2026 · No substantive changes detected · View history