Wireless modules sit at the centre of the CRA's supply chain model. Your module contains firmware, implements authentication and encryption protocols, and connects to networks — that places it within Article 2(1). Physical and virtual network interfaces are listed as Important Class I in Annex III (item 10). Routers, modems, and switches are Class I (item 12). If your module functions as a network interface or routing component, it faces the corresponding conformity assessment obligations. CRACheck classifies your module, maps its security features to Annex I, and generates the 8-document dossier. €149 per module family. 15–25 minutes. Browser-side processing.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
The RED (Directive 2014/53/EU) and the CRA (Regulation (EU) 2024/2847) are separate legal instruments. The RED's delegated acts on cybersecurity (Article 3(3)(d)(e)(f)) address specific radio equipment risks. The CRA's essential requirements (Annex I) are broader, covering vulnerability handling, secure updates, data protection, and documentation. RED compliance does not satisfy CRA documentation obligations under Art. 31 + Annex VII.
Article 2(1) applies to products with digital elements made available on the EU market. "Made available" includes B2B transactions. A module sold to an OEM customer for integration is placed on the market. The CRA does not distinguish between B2C and B2B channels for scope.
If you market the module under your own brand and sell it as a separate product to integrators, you are the manufacturer under Article 3(13). Your OEM customer is the manufacturer of the final product, with separate obligations. Both carry documentation duties. Your customer's compliance does not substitute for yours on the module.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Determines if your module is Default, Important Class I (Annex III item 10 or 12), or another category. Critical for OEM customers who need the component's classification for their conformity assessment.
Art. 31 + Annex VII dossier for the module: wireless stack architecture, firmware, security protocols, manufacturing quality controls.
Annex I Part I risk analysis for wireless modules: protocol-level attacks (deauthentication, MITM, replay), firmware injection, key compromise, side-channel leakage.
Annex II integrator documentation: secure integration checklist, antenna requirements, firmware update channel, security defaults, end-of-support date.
Art. 28 + Annex V. Sits alongside your RED Declaration.
Module-level vulnerability disclosure framework: how integrators and researchers report vulnerabilities, acknowledgement timelines, patch distribution.
Art. 14 ENISA notification for module vulnerabilities. Includes impact assessment template for downstream products. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Enforcement dates, firmware support period, patch cycle milestones.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated from your data, in your browser. No data leaves your device.
CRACheck classifies your wireless module against Annex III, maps security features to Annex I, generates 8 PDFs per Art. 31 + Annex VII. This is what your OEM customers need as component-level evidence and what you need as the module manufacturer.
CRACheck does not test your WPA3 implementation, audit BLE pairing security, or validate your firmware signing chain. If your module lacks Annex I Part I security features (secure defaults, encryption, authentication), engineering work is needed before documentation can accurately reflect compliance.
Your OEM customers will request this documentation as their own CRA deadlines approach. Having it ready makes your modules easier to specify.
Article 64 of Regulation (EU) 2024/2847.
Annex I + Art. 13/14.
Art. 28, 31, 32.
Misleading information.
| Criterion | RED/CRA Joint Consultant | Module Manufacturer Association | Manual Documentation | CRACheck |
|---|---|---|---|---|
| Time per family | 4–10 weeks | 2–4 weeks (template) | 3–6 weeks | 15–25 minutes |
| Cost | €8,000–€18,000 | Membership fee | Staff time | €149 |
| Annex III classification | Consultant-dependent | Generic guidance | Self-research | Built-in Annex III logic |
| IP exposure | Firmware shared | Anonymised data | Internal | 100% browser-side |
Wireless module OEMs maintain large SKU portfolios. Each family with distinct firmware and functionality requires a separate CRA dossier. Volume pricing: €99/module (pack 10), €79/module (pack 30).
Request Volume PricingCRACheck generates a structured document aligned with Article 31 and Annex VII of Regulation (EU) 2024/2847 based on your module data. The accuracy is your responsibility as manufacturer.
We guarantee the structure follows Art. 31 + Annex VII and legal references are correct. We do not guarantee acceptance by a market surveillance authority or notified body in a specific case.
CRACheck is not legal advice. For CRA-RED interface questions, Annex III classification, or harmonised standard coverage, consult a specialised attorney.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.