The Cyber Resilience Act does not scale its documentation requirements by company size. A manufacturer with 10 employees must produce the same Annex VII technical file as a manufacturer with 10,000. Article 33 acknowledges this asymmetry and requires Member States to support SMEs, but the obligation remains. CRACheck lets you meet that obligation at a cost proportionate to your revenue. Eight documents, 15–25 minutes, €149 one-time. No subscription, no consultant dependency, no data leaving your device.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
Article 64(2) sets fines at up to €15,000,000 or 2.5% of global annual turnover for non-compliance with Articles 13 and 14. For a company with €2M annual revenue, that is a potential €50,000 fine. The €149 documentation cost is a rounding error compared to the enforcement risk after 11 December 2027.
Regulation (EU) 2024/2847 applies to all manufacturers who place products with digital elements on the EU market, regardless of company size (Article 2(1)). Article 33 provides support measures for SMEs but does not exempt them from any obligation. The only relief is Article 64(10), which exempts micro and small enterprises from the 24-hour early warning penalty under Article 14(2)(a).
Article 13(12) requires manufacturers to first draw up the technical documentation under Article 31, then carry out the conformity assessment under Article 32, and only then draw up the EU declaration of conformity and affix CE marking. The declaration without the technical file is a compliance gap that Article 64(3) penalises at up to €10M or 2%.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Identifies where your product sits in the CRA classification: default (Module A self-assessment), Important Class I or II (Annex III, may need notified body), or Critical (Annex IV). Determines cost implications for the next steps.
The core deliverable. Structured per Article 31 and Annex VII's eight mandatory elements. This is the document a market surveillance authority will request first.
Maps your product's cybersecurity risks per Article 13(2) and (3) against the 13 requirements in Part I of Annex I. Without this, the technical documentation is incomplete.
The nine-point information sheet per Annex II that must accompany your product.
Per Article 28 and the Annex V model structure. The formal statement that your product meets the essential cybersecurity requirements.
Coordinated vulnerability disclosure policy required by Part II, point (5) of Annex I. Establishes your contact address and response process.
Pre-structured for ENISA notifications per Article 14. Three tiers: 24-hour early warning, 72-hour notification, 14-day final report. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Timeline with Article 14 reporting (from 11 September 2026), full application (11 December 2027), and your product's support period milestones.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
Produces the eight structured documents that the CRA requires before you can affix CE marking. Every section maps to a specific article or annex. The output is the same regardless of whether you pay €149 or €15,000 to someone else.
If your product falls under Important Class I (Annex III) and you have not applied harmonised standards, Article 32(2) requires EU-type examination by a notified body. Penetration testing, hardware security evaluation, and ongoing vulnerability monitoring are operational costs that CRACheck does not replace.
The documentation layer is the mandatory starting point for every conformity assessment path. CRACheck covers that starting point at a cost any small company can absorb.
Article 64 of Regulation (EU) 2024/2847.
Breach of Annex I or Articles 13, 14.
Breach of Art. 19–23, Art. 28, Art. 31, Art. 32.
Providing incorrect or misleading information to authorities.
| Criterion | Ignore CRA | DIY templates | Consultant | CRACheck |
|---|---|---|---|---|
| Cost | €0 now, up to €15M later | Staff hours (100+) | €12K–€20K | €149 |
| CRA article mapping | None | Partial, manual | Depends on expertise | Full, automated |
| Time to first document | N/A | Weeks | 2–4 months | 15–25 minutes |
| Regulation update handling | Ignored | Manual rework | New invoice | Free regeneration |
If you manufacture more than one connected product, pack pricing applies. Pack of 10: €99 per product. Pack of 30: €79 per product.
Request Volume PricingCRACheck generates a structured document based on Article 31 and Annex VII of Regulation (EU) 2024/2847 from the data you input. The accuracy and completeness of that data is your responsibility as the manufacturer.
We guarantee that the document structure conforms to Article 31 and Annex VII and that all cited legal references are correct. We do not guarantee acceptance by a specific market surveillance authority or commercial buyer.
CRACheck is not legal advice. For situations specific to your company, consult a qualified legal professional.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.