Who signs the Declaration of Conformity — the factory or the EU brand?

Under Article 28, the manufacturer signs the EU declaration of conformity. If the EU brand is the manufacturer under Art. 3(13), they sign. CRACheck generates a draft declaration that the manufacturer adapts and signs.

Can we generate one dossier for all brand customers using the same product?

If the product is technically identical — same hardware, same firmware, same cybersecurity properties — the Annex VII documentation covers the product itself. Different brand customers can reference the same technical documentation. However, each brand customer will need their own Declaration of Conformity as they are separate manufacturers.

What if our EU brand customer modifies the firmware?

If the modification changes the cybersecurity properties, the documentation may need updating. Article 22 addresses substantial modifications. The documentation should reflect the product as placed on the market.

Can we offer CRACheck documentation as a paid add-on to EU brands?

CRACheck is licensed per product, not per end user. You can generate the documentation and deliver it to your EU brand customer as part of your OEM package. The licence covers generation of the documents.

Is this a subscription?

No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent. Refunds only for reproducible technical failures.

What if the regulation changes?

Regenerate at no additional cost during licence validity.

Your factory in Dongguan manufactures smart devices for a European brand. The brand puts their logo on the packaging and sells on Amazon Germany. Under Article 3(13) of Regulation (EU) 2024/2847, the entity that places the product on the market under their name or trademark is the manufacturer. That is the EU brand — not your factory. But the EU brand will ask you for the technical documentation under Annex VII because you designed and developed the product. CRACheck generates it.

The CRA creates a documentation demand that flows upstream. The EU brand owner is the legal manufacturer under Article 3(13). But Article 31 requires technical documentation containing design and development information, vulnerability handling processes, SBOM and cybersecurity risk assessment — information only the factory has. The brand owner will contractually require you to deliver this documentation. Your competitors are already receiving these contract clauses. CRACheck generates 8 PDF documents per Annex VII. 15-25 minutes. €149 per product. Browser-side — your engineering data stays on your device.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

Art. 3(13)

Defines manufacturer. The EU brand is the manufacturer — but needs your documentation.

Art. 13.5

Due diligence on third-party components. The brand must verify your components do not compromise cybersecurity.

€149

Per product model. Generate the documentation your EU brand customer contractually requires.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Understand the legal structure

The EU brand is the manufacturer under Art. 3(13). You are the development and production partner. The brand is legally responsible. But they will require your documentation because you have the engineering data.

Anticipate contract clauses

EU brands are adding CRA clauses to OEM agreements: "Supplier shall deliver technical documentation per Annex VII." Prepare before you receive the clause.

Generate documentation per product model

Enter your product's engineering data into CRACheck. 15-25 minutes.

Deliver to your EU brand customer

Send the 8-document ZIP. The brand integrates it into their CE dossier and assumes manufacturer responsibility.

Maintain and update

When you release a firmware update, regenerate the documentation. Art. 31.2 requires continuous updates during the support period. 10 regenerations per licence.

Common mistakes

❌

ART. 3(13)

"We are the OEM — we are the manufacturer under CRA"

Not necessarily. Article 3(13) defines the manufacturer as the entity that places the product on the market under their name or trademark. If the EU brand puts their logo on your product and sells it, they are the manufacturer. If you sell under your own brand directly to EU distributors, you are the manufacturer.

❌

ART. 22

"If the EU brand modifies our firmware, they become the manufacturer"

Article 22 states that a person who carries out a substantial modification and makes the product available is considered a manufacturer. Minor firmware customisation (language packs, UI branding) is not a substantial modification. If the EU brand changes the security architecture — that may constitute a substantial modification.

❌

ART. 13.5

"The EU brand never asks about our components — they just put their label on it"

Article 13.5 requires manufacturers to exercise due diligence when integrating third-party components. The EU brand, as manufacturer, must verify that your components do not compromise cybersecurity. They will ask about your WiFi module vendor, your RTOS, your cryptographic libraries.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Classifies the product per Annex III. Helps the EU brand determine the conformity assessment route.

Technical Documentation

Art. 31 + Annex VII. Contains the design, development and vulnerability handling information only your factory possesses.

Risk Assessment

Art. 13.2-13.3. Maps the cybersecurity risks assessed during development.

User Information

Annex II. Technical cybersecurity instructions the EU brand will include with the retail packaging.

Declaration of Conformity

Art. 28 + Annex V. Draft declaration the EU brand adapts and signs as manufacturer.

CVD Policy

Vulnerability disclosure policy. The EU brand may publish this or create their own referencing your process.

Notification Template

Art. 14. Pre-structured for the manufacturer (EU brand) to use. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Key CRA dates for the product lifecycle.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 EUROPEAN CONSULTANT TO DOCUMENT YOUR OEM PRODUCTS

€8,000–€20,000

Per product family. Requires NDA, IP disclosure, multiple meetings.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history