The CRA creates a documentation demand that flows upstream. The EU brand owner is the legal manufacturer under Article 3(13). But Article 31 requires technical documentation containing design and development information, vulnerability handling processes, SBOM and cybersecurity risk assessment — information only the factory has. The brand owner will contractually require you to deliver this documentation. Your competitors are already receiving these contract clauses. CRACheck generates 8 PDF documents per Annex VII. 15-25 minutes. €149 per product. Browser-side — your engineering data stays on your device.
€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side
You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.
Not necessarily. Article 3(13) defines the manufacturer as the entity that places the product on the market under their name or trademark. If the EU brand puts their logo on your product and sells it, they are the manufacturer. If you sell under your own brand directly to EU distributors, you are the manufacturer.
Article 22 states that a person who carries out a substantial modification and makes the product available is considered a manufacturer. Minor firmware customisation (language packs, UI branding) is not a substantial modification. If the EU brand changes the security architecture — that may constitute a substantial modification.
Article 13.5 requires manufacturers to exercise due diligence when integrating third-party components. The EU brand, as manufacturer, must verify that your components do not compromise cybersecurity. They will ask about your WiFi module vendor, your RTOS, your cryptographic libraries.
8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.
Classifies the product per Annex III. Helps the EU brand determine the conformity assessment route.
Art. 31 + Annex VII. Contains the design, development and vulnerability handling information only your factory possesses.
Art. 13.2-13.3. Maps the cybersecurity risks assessed during development.
Annex II. Technical cybersecurity instructions the EU brand will include with the retail packaging.
Art. 28 + Annex V. Draft declaration the EU brand adapts and signs as manufacturer.
Vulnerability disclosure policy. The EU brand may publish this or create their own referencing your process.
Art. 14. Pre-structured for the manufacturer (EU brand) to use. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.
Key CRA dates for the product lifecycle.
See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your data, in your browser. No data leaves your device.
Generates the Annex VII documentation your EU brand customer contractually requires. You fill in your engineering data. They receive structured documentation.
CRACheck does not define who is the manufacturer under Art. 3(13). It does not draft OEM contractual clauses or allocate liability between factory and brand. For contractual structures, consult a lawyer.
We generate documentation. You and your EU brand define who signs it.
Article 64 of Regulation (EU) 2024/2847.
Art. 64.2.
Art. 64.3.
Art. 64.4.
| Criterion | European regulatory consultant | Let the EU brand handle it | Send product datasheets as documentation | CRACheck |
|---|---|---|---|---|
| Cost | €8,000–€20,000 | €0 for you | €0 | €149 |
| Result | Per product family. Requires IP disclosure. | The brand will ask you for engineering data anyway. Delays the order. | Datasheets do not satisfy Annex VII. Risk of contract rejection. | 8 docs. 15 min. Deliver documentation with the product samples. |
Each product model needs its own Annex VII dossier. If you make smart plugs, cameras and sensors for three different EU brands, that is 9+ dossiers. Volume pricing: €99/product (10-pack), €79/product (30-pack).
Request Volume PricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.
CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Eight documents. Article 31 + Annex VII fully structured. Regulation (EU) 2024/2847. Your data stays on your device. The ZIP you download is yours forever.