Your CE marking dossier currently covers the Low Voltage Directive, EMC, RED, RoHS, and possibly the Machinery Regulation. After 11 December 2027, every connected electronic product you place on the EU market must also comply with the CRA. Article 30 requires CE marking to reflect CRA conformity. Article 13(20) requires a separate EU Declaration of Conformity citing Regulation (EU) 2024/2847. Your existing CE process must absorb a new regulation with 40+ pages of essential requirements (Annex I), detailed technical documentation (Annex VII), and mandatory vulnerability reporting (Art. 14). CRACheck generates the 8-document CRA dossier in 15–25 minutes. €149 per product. Browser-side — no product data leaves your device.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
CE marking after 11 December 2027 must reflect compliance with Regulation (EU) 2024/2847 for any product with digital elements. Article 30(1) requires the CE marking to be affixed only after conformity with the CRA has been demonstrated. Your existing CE marking under LVD, EMC, or RED remains necessary — but it is no longer sufficient. The CRA adds a new legal basis to your CE Declaration.
Article 31 and Annex VII define a specific documentation structure for the CRA. While you may physically include it in the same technical file binder, the CRA documentation has distinct content requirements: cybersecurity risk assessment (Annex I Part I), vulnerability handling processes (Annex I Part II), SBOM, user information (Annex II), and conformity assessment evidence (Annex VIII). These sections do not exist in your LVD or EMC files.
Article 14 reporting obligations for actively exploited vulnerabilities apply from 11 September 2026 — more than a year before full enforcement. By September 2026, you must have a vulnerability handling process in place and be ready to notify ENISA within 24 hours. The documentation supporting this process should be prepared now, not in November 2027.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Confirms your product's classification: Default (90%+ of products), Important Class I or II (Annex III), or Critical (Annex IV). Determines which conformity assessment module applies under Article 32.
Art. 31 + Annex VII dossier. This is the new layer your CE technical file is missing: cybersecurity design, development, production, and vulnerability handling documentation.
Annex I Part I cybersecurity risk analysis. Your existing CE risk assessments cover electrical safety and EMC — this one covers cybersecurity threats specific to connected products.
Annex II information package. New consumer-facing cybersecurity information: secure setup, password management, update procedures, data handling, support period disclosure.
Art. 28 + Annex V. A new Declaration citing Regulation (EU) 2024/2847 as legal basis, alongside your existing Declarations for other applicable directives.
Coordinated vulnerability disclosure: how end users and researchers report security issues. This is a CRA-specific requirement not covered by existing CE directives.
Art. 14 ENISA notification for actively exploited vulnerabilities. Your entry point for the mandatory reporting obligation active from September 2026.
Two-phase timeline: Art. 14 reporting from 11 September 2026, full enforcement 11 December 2027, plus your product-specific support period.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates the documentation that the CRA adds to your CE marking requirements: Annex VII technical file, Annex I compliance mapping, Art. 28 Declaration, vulnerability handling documentation. This layer did not exist in your CE process before. It is the missing piece for post-2027 market access.
CRACheck does not implement the security features your product needs to comply with Annex I. If your connected product lacks encryption, secure updates, authentication, or data minimisation, engineering work is needed before the documentation can be accurate. CRACheck documents the security you have built — it does not build the security.
If your products already have strong cybersecurity features, Layer 1 is a documentation exercise. If they do not, start engineering now and document when the features are implemented. Either way, the December 2027 deadline is fixed.
Article 64 of Regulation (EU) 2024/2847.
Annex I + Art. 13/14.
Art. 28, 30, 31, 32.
Misleading information.
| Criterion | Extend Current CE Consultant | New CRA-Specific Consultant | Internal Compliance Team | CRACheck |
|---|---|---|---|---|
| Time per product | 8–14 weeks | 6–10 weeks | 4–10 weeks | 15–25 minutes |
| Cost | €10,000–€25,000 | €8,000–€18,000 | Staff + training | €149 |
| CRA expertise | May require upskilling | Variable | New regulation learning | Purpose-built for CRA |
| Output format | Varies — added to CE report | Consultant PDF | Internal templates | 8 standardised PDFs per Annex VII |
Turkish electronics exporters often have dozens of connected products in their EU catalogue. Each product with distinct firmware and connectivity requires its own CRA dossier. Volume pricing: €99/product (pack 10), €79/product (pack 30).
Request Volume PricingCRACheck generates a structured document aligned with Article 31 and Annex VII of Regulation (EU) 2024/2847 based on your product data. The accuracy of the information you enter is your responsibility as manufacturer.
We guarantee the document structure follows Art. 31 + Annex VII and that legal references, including the CE marking provisions of Article 30, are correct. We do not guarantee acceptance by an EU market surveillance authority in a specific case.
CRACheck is not legal advice. For questions about CE marking obligations under the CRA, the customs union framework, or the need for an authorised representative under Article 18, consult a regulatory attorney.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.