Can I combine the CRA Declaration with my existing CE Declaration for the Radio Equipment Directive?

Yes. Article 28(3) of Regulation (EU) 2024/2847 allows a single EU Declaration of Conformity to cover the CRA and other Union legal acts. The Declaration must identify each applicable legal act, including its publication reference. CRACheck generates the CRA-specific Declaration; if you need a combined Declaration, you can merge the CRA section with your existing RED Declaration.

Who signs the CRA Declaration of Conformity?

Article 28(4) states that by drawing up the Declaration, the manufacturer assumes responsibility for compliance. The signatory is the manufacturer's legal representative or an authorised signatory within the manufacturing company. If the manufacturer is outside the EU and has appointed an authorised representative under Article 15 of Regulation (EU) 2024/2847, the authorised representative may sign on behalf of the manufacturer provided the mandate specifies this obligation.

Does the simplified Declaration of Conformity (Annex VI) replace the full Declaration?

No. Article 13(20) requires the manufacturer to provide the simplified Declaration alongside or with the product. The full Declaration must still exist and be available at the internet address indicated in the simplified version. CRACheck generates both the full Declaration (Annex V) and the simplified version (Annex VI).

How long must I keep the Declaration of Conformity?

Annex VIII Part I point (4.2) requires the manufacturer to keep the Declaration of Conformity at the disposal of national authorities for 10 years after the product has been placed on the market or for the support period, whichever is longer.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours permanently.

Can I request a refund?

Under Art. 16(m) of Directive (EU) 2011/83, activating the licence constitutes express consent for immediate generation of digital content, waiving the 14-day withdrawal right. Refunds are only processed for reproducible technical failures.

What if the regulation changes?

If Regulation (EU) 2024/2847 is amended during your licence window, you can regenerate the documentation using the updated version of the generator at no additional cost.

Article 28 of Regulation (EU) 2024/2847 requires the manufacturer to draw up an EU Declaration of Conformity following the model structure in Annex V. The Declaration contains 8 elements — from product identification to conformity assessment references to the signature block. If you have produced CE Declarations under the Low Voltage Directive or the Radio Equipment Directive, the CRA Declaration has the same legal weight but different content. CRACheck generates it as part of the 8-document dossier.

The CRA Declaration of Conformity is not a rebranded CE Declaration from another directive. It must state that the product meets the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847 — not the safety requirements of 2014/35/EU or the radio requirements of 2014/53/EU. Article 28(3) allows a single Declaration to cover the CRA and other Union legal acts, but the CRA must be cited explicitly with its publication reference. Annex V lists 8 elements that must appear. CRACheck fills every field based on your input and the conformity assessment module identified by the Product Classifier. €149 per product. 15–25 minutes. The Declaration is one of 8 PDFs in the dossier.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key figures

Mandatory elements in Annex V

Art. 28

Legal basis for the EU Declaration of Conformity

10 yr

Minimum retention period for the Declaration under Annex VIII Part I point (4.2)

How CRACheck generates the Annex V Declaration

Product identification

You enter the product name, type, version, batch/serial number, and a photograph if applicable. This maps to Annex V elements 1 and 4.

Manufacturer data

Name, address, and authorised representative (if applicable). Maps to Annex V element 2.

Conformity statement

CRACheck generates the conformity statement declaring that the product meets the essential cybersecurity requirements of Annex I of Regulation (EU) 2024/2847. Maps to Annex V elements 3 and 5.

Standards and specifications

You declare which harmonised standards, common specifications, or European cybersecurity certification schemes you have applied. Maps to Annex V element 6.

Notified body

If applicable (Class I without full standards, Class II, Critical), CRACheck includes the notified body name, number, and certificate reference. Maps to Annex V element 7.

Signature block

CRACheck generates the signature block with place, date, and signatory fields. Maps to Annex V element 8.

Common mistakes

❌

ART. 28

Reusing a CE Declaration from another directive as the CRA Declaration

Article 28(3) allows a single Declaration to cover the CRA and other Union legal acts, but the CRA must be cited explicitly. A Declaration that references 2014/35/EU (LVD) or 2014/53/EU (RED) without also citing Regulation (EU) 2024/2847 does not satisfy the CRA requirement.

❌

ANNEX V · 3

Omitting the conformity statement for Annex I

Annex V element 5 requires a statement that the product is in conformity with the relevant Union harmonisation legislation. Under the CRA, this means conformity with the essential cybersecurity requirements of Annex I. A generic "complies with all applicable EU legislation" without citing Annex I of Regulation (EU) 2024/2847 is insufficient.

❌

ANNEX V · 7

Omitting the notified body reference for Class II products

If your product requires Module B+C or Module H assessment under Article 32(3), Annex V element 7 requires the notified body name, number, and identification of the certificate issued. A Declaration without this reference is incomplete for any product that went through third-party assessment.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Identifies the CRA category and the conformity assessment module that the Declaration of Conformity will reference.

Technical Documentation

Annex VII file. Annex VII point (7) requires a copy of the Declaration in the technical documentation — CRACheck cross-references them.

Risk Assessment

Cybersecurity risk assessment per Article 13(2)–(3). The risk assessment underpins the conformity claim in the Declaration.

User Information

Annex II information sheet with the Declaration of Conformity link (Annex II point 6).

Declaration of Conformity

EU Declaration per Article 28 and Annex V. All 8 elements pre-filled from your input. Ready-to-sign PDF.

CVD Policy

Coordinated vulnerability disclosure policy per Annex I Part II point (5).

Notification Template

ENISA/CSIRT notification template per Article 14. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Key dates including the 10-year retention obligation for the Declaration.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 THE ALTERNATIVE

Regulatory consultancy to draft CRA Declaration of Conformity

€500–2,000 per product

Often delivered with a template — filling the template still takes internal time

Does not include the underlying Annex VII documentation

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history