The regulatory geometry for connected radio equipment in the EU is now three-layered: Directive 2014/53/EU (RED) covers radio spectrum access, electromagnetic compatibility, and safety. Delegated Regulation (EU) 2022/30 added cybersecurity requirements under RED Article 3(3)(d)(e)(f) for internet-connected radio equipment. Regulation (EU) 2024/2847 (CRA) covers cybersecurity for all products with digital elements, including radio equipment. Recital 30 of the CRA explicitly states that the CRA's essential cybersecurity requirements "include all the elements of the essential requirements referred to in Article 3(3), points (d), (e) and (f), of Directive 2014/53/EU." The CRA does not replace the RED — it absorbs the cybersecurity layer and adds Article 31 technical documentation, Article 14 vulnerability notification, and Article 13 manufacturer obligations. CRACheck generates the CRA documentation. €149. 15–25 minutes. 8 PDFs.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
If your product is radio equipment under Directive 2014/53/EU and also a product with digital elements under Regulation (EU) 2024/2847, you need RED conformity for radio/EMC/safety AND CRA documentation for cybersecurity. CRACheck covers the CRA layer.
Recital 30 of the CRA states that the CRA includes all elements of RED Article 3(3)(d)(e)(f). But the CRA adds significantly more: Article 31 technical documentation (Annex VII), Article 14 vulnerability notification to ENISA, Article 13 manufacturer obligations including risk assessment, and Annex I Part II vulnerability handling requirements. RED does not require an SBOM, a CVD policy, or ENISA notifications.
Annex III Class I category 12 lists "routers, modems intended for the connection to the internet, and switches." If your radio equipment is a router or internet-connected modem, it is Important Class I, not Default. The classification determines whether Module A self-assessment is available (only if harmonised standards are applied in full under Article 32(2)).
Article 13(4) of the CRA states that for products subject to other Union legal acts requiring technical documentation, "the cybersecurity risk assessment may be part of the risk assessment required by those Union legal acts." Article 31(3) allows a single technical documentation set. The two files can coexist in one document, reducing duplication.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Classification under CRA Annex III (many radio equipment products fall under Class I category 10 or 12). Documents the dual RED + CRA applicability.
CRA Annex VII file. Can reference the existing RED technical file for shared elements. Adds cybersecurity-specific content: system architecture, SBOM, CVD policy, vulnerability handling.
CRA cybersecurity risk assessment per Article 13(2)–(3). Complementary to — not a replacement for — any RED-specific risk analysis.
Annex II sheet. Includes support period, vulnerability reporting contact, and security instructions for firmware updates.
CRA Declaration per Article 28 + Annex V. Article 28(3) allows combining CRA and RED declarations in a single document, but both regulations must be cited.
Required by Annex I Part II point (5). Not required by the RED.
ENISA notification per Article 14. Not required by the RED.
CRA dates (11 Sept 2026 for Article 14, 11 Dec 2027 for full enforcement) alongside RED timeline.
See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your data, in your browser. No data leaves your device.
CRACheck generates the CRA cybersecurity documentation: Annex VII technical file, Annex I risk assessment, Declaration of Conformity (CRA-specific), CVD policy, ENISA notification template, and obligations calendar. This is the documentation layer that the CRA adds beyond the RED.
CRACheck does not generate RED documentation. It does not produce radio test reports, EMC measurements, safety assessments, or the RED Declaration of Conformity citing Directive 2014/53/EU. RED compliance requires your existing testing laboratories and notified bodies.
RED covers radio. CRA covers cybersecurity. CRACheck covers the CRA layer.
Annex I cybersecurity non-compliance.
Missing Art. 31 technical documentation or Art. 32 conformity assessment.
Vary by Member State, typically €50,000–€500,000 + product withdrawal. CRA and RED penalties are independent.
| Criterio | RED (Dir. 2014/53/EU) | CRA (Reg. 2024/2847) | CRACheck scope | ||
|---|---|---|---|---|---|
| Focus | Radio spectrum, EMC, safety | Cybersecurity | Cybersecurity documentation | ||
| Cybersecurity | Art. 3(3)(d)(e)(f) via Del. Reg. 2022/30 | Annex I (21 requirements) | Maps all 21 requirements | ||
| Tech doc | RED technical file | Art. 31 + Annex VII | Generates Annex VII | ||
| Vulnerability reporting | Not required | Art. 14 (24h/72h/14d to ENISA) | Notification template | ||
| SBOM | Not required | Annex I Part II + Annex VII | Documented in tech file | ||
| CVD policy | Not required | Annex I Part II point (5) | Generated as PDF | ||
| CRACheck | CRA layer | Annex VII | Art. 14 | SBOM | CVD |
Each radio product variant needs its own CRA documentation. Volume pricing: Pack of 10: €99. Pack of 30: €79.
Request volume pricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847, based on the information you enter. The accuracy, completeness, and truthfulness of that information is your responsibility as manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case.
CRACheck is not legal advice. For situations specific to your product or market, consult a qualified lawyer or specialised regulatory consultancy.
CRACheck generates the CRA cybersecurity documentation layer for radio equipment. SBOM, CVD policy, Annex VII file, ENISA notification template. €149 per product. Browser-side.