Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Article 28 of Regulation (EU) 2024/2847 requires the manufacturer to draw up an EU Declaration of Conformity following the model structure in Annex V. The Declaration contains 8 elements — from product identification to conformity assessment references to the signature block. If you have produced CE Declarations under the Low Voltage Directive or the Radio Equipment Directive, the CRA Declaration has the same legal weight but different content. CRACheck generates it as part of the 8-document dossier.

The CRA Declaration of Conformity is not a rebranded CE Declaration from another directive. It must state that the product meets the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847 — not the safety requirements of 2014/35/EU or the radio requirements of 2014/53/EU. Article 28(3) allows a single Declaration to cover the CRA and other Union legal acts, but the CRA must be cited explicitly with its publication reference. Annex V lists 8 elements that must appear. CRACheck fills every field based on your input and the conformity assessment module identified by the Product Classifier. €149 per product. 15–25 minutes. The Declaration is one of 8 PDFs in the dossier.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key figures

8
Mandatory elements in Annex V
Art. 28
Legal basis for the EU Declaration of Conformity
10 yr
Minimum retention period for the Declaration under Annex VIII Part I point (4.2)

How CRACheck generates the Annex V Declaration

1
Product identification
You enter the product name, type, version, batch/serial number, and a photograph if applicable. This maps to Annex V elements 1 and 4.
2
Manufacturer data
Name, address, and authorised representative (if applicable). Maps to Annex V element 2.
3
Conformity statement
CRACheck generates the conformity statement declaring that the product meets the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847. Maps to Annex V elements 3 and 5.
4
Standards and specifications
You declare which harmonised standards, common specifications, or European cybersecurity certification schemes you have applied. Maps to Annex V element 6.
5
Notified body
If applicable (Class I without full standards, Class II, Critical), CRACheck includes the notified body name, number, and certificate reference. Maps to Annex V element 7.
6
Signature block
CRACheck generates the signature block with place, date, and signatory fields. Maps to Annex V element 8.

Common mistakes

ART. 28

Reusing a CE Declaration from another directive as the CRA Declaration

Article 28(3) allows a single Declaration to cover the CRA and other Union legal acts, but the CRA must be cited explicitly. A Declaration that references 2014/35/EU (LVD) or 2014/53/EU (RED) without also citing Regulation (EU) 2024/2847 does not satisfy the CRA requirement.

ANNEX V · 3

Omitting the conformity statement for Annex I

Annex V element 5 requires a statement that the product is in conformity with the relevant Union harmonisation legislation. Under the CRA, this means conformity with the essential cybersecurity requirements of Annex I. A generic "complies with all applicable EU legislation" without citing Annex I of Regulation (EU) 2024/2847 is insufficient.

ANNEX V · 7

Omitting the notified body reference for Class II products

If your product requires Module B+C or Module H assessment under Article 32(3), Annex V element 7 requires the notified body name, number, and identification of the certificate issued. A Declaration without this reference is incomplete for any product that went through third-party assessment.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Identifies the CRA category and the conformity assessment module that the Declaration of Conformity will reference.

2

Technical Documentation

Annex VII file. Annex VII point (7) requires a copy of the Declaration in the technical documentation — CRACheck cross-references them.

3

Risk Assessment

Cybersecurity risk assessment per Article 13(2)–(3). The risk assessment underpins the conformity claim in the Declaration.

4

User Information

Annex II information sheet with the Declaration of Conformity link (Annex II point 6).

5

Declaration of Conformity

EU Declaration per Article 28 and Annex V. All 8 elements pre-filled from your input. Ready-to-sign PDF.

6

CVD Policy

Coordinated vulnerability disclosure policy per Annex I Part II point (5).

7

Notification Template

ENISA/CSIRT notification template per Article 14. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

Key dates including the 10-year retention obligation for the Declaration.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 THE ALTERNATIVE
Regulatory consultancy to draft CRA Declaration of Conformity
€500–2,000 per product
Often delivered with a template — filling the template still takes internal time
Does not include the underlying Annex VII documentation
✓ CRACHECK
€149 per product
Declaration auto-generated from your input data as part of the 8-document dossier
Consistent cross-references with the technical documentation and risk assessment
30-day edit window. 10 regenerations
Permanent PDF

Two layers

● LAYER 1 — DOCUMENTATION · CRACHECK

Declaration + full dossier

CRACheck generates the EU Declaration of Conformity per Article 28 and Annex V, the technical documentation per Article 31 and Annex VII, and all supporting documents. The Declaration is pre-filled with the conformity assessment module, standards applied, and notified body reference.

∅ LAYER 2 — NOT INCLUDED

What CRACheck does not do

CRACheck does not sign the Declaration on your behalf. Article 28(4) states that by drawing up the Declaration, the manufacturer assumes responsibility for compliance. The manufacturer or authorised representative must physically or digitally sign the document. CRACheck provides the signature block — the signature is yours.

CRACheck fills the 8 elements. You provide the signature. The responsibility is defined in Article 28(4).

Enforcement regime

⚖️
€15M / 2.5% — Art. 64(2)

Non-compliance with Annex I essential requirements.

⚖️
€10M / 2% — Art. 64(3)

Non-compliance with Art. 28 (Declaration of Conformity). A missing or incorrect Declaration falls here.

⚖️
€5M / 1% — Art. 64(4)

Supplying incorrect information in the Declaration to authorities.

Alternatives

CriterioTemplate from the internetConsultancyCRACheck
PriceFree€500–2,000€149/product
Annex V complianceUncertain — no CRA-specific templates exist yetCorrect if firm knows CRAAll 8 Annex V elements guaranteed
Consistency with tech docNo — standaloneDepends on engagement scopeCross-referenced with Annex VII file
Conformity moduleManual entryManual entryAuto-identified by Product Classifier
CRACheck€149All 8 elementsCross-referenced

Declarations for a multi-product portfolio?

Each product with digital elements needs its own Declaration of Conformity. For product families, contact us for volume pricing. Pack of 10: €99 per product. Pack of 30: €79 per product.

Request volume pricing
Commercial enquiries via hello@solidwaretools.com

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847, based on the information you enter. The accuracy, completeness, and truthfulness of that information is your responsibility as manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case.

CRACheck is not legal advice. For situations specific to your product or market, consult a qualified lawyer or specialised regulatory consultancy.

Frequently asked questions

Can I combine the CRA Declaration with my existing CE Declaration for the Radio Equipment Directive?
Yes. Article 28(3) of Regulation (EU) 2024/2847 allows a single EU Declaration of Conformity to cover the CRA and other Union legal acts. The Declaration must identify each applicable legal act, including its publication reference. CRACheck generates the CRA-specific Declaration; if you need a combined Declaration, you can merge the CRA section with your existing RED Declaration.
Who signs the CRA Declaration of Conformity?
Article 28(4) states that by drawing up the Declaration, the manufacturer assumes responsibility for compliance. The signatory is the manufacturer's legal representative or an authorised signatory within the manufacturing company. If the manufacturer is outside the EU and has appointed an authorised representative under Article 15 of Regulation (EU) 2024/2847, the authorised representative may sign on behalf of the manufacturer provided the mandate specifies this obligation.
Does the simplified Declaration of Conformity (Annex VI) replace the full Declaration?
No. Article 13(20) requires the manufacturer to provide the simplified Declaration alongside or with the product. The full Declaration must still exist and be available at the internet address indicated in the simplified version. CRACheck generates both the full Declaration (Annex V) and the simplified version (Annex VI).
How long must I keep the Declaration of Conformity?
Annex VIII Part I point (4.2) requires the manufacturer to keep the Declaration of Conformity at the disposal of national authorities for 10 years after the product has been placed on the market or for the support period, whichever is longer.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83, activating the licence constitutes express consent for immediate generation of digital content, waiving the 14-day withdrawal right. Refunds are only processed for reproducible technical failures.
What if the regulation changes?
If Regulation (EU) 2024/2847 is amended during your licence window, you can regenerate the documentation using the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

8 elements. One Declaration. Auto-generated.

CRACheck generates the EU Declaration of Conformity per Article 28 and Annex V, with all 8 mandatory elements pre-filled. Part of the 8-document dossier. €149 per product.

€149 one-time
8-document ZIP · 15-25 min · Art. 31 + Annex VII · 100% browser-side · Permanent PDF
Generate CRA Dossier

Related landings

ANNEX VII

CRA Annex VII — the 8 points of technical documentation
MODULE A · B · C · H

Conformity assessment — which module applies
ANNEX I

Annex I — the 21 essential cybersecurity requirements
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history