Will Amazon require CRA documentation?

Article 25 of Regulation (EU) 2024/2847 obliges providers of online marketplaces to cooperate with market surveillance authorities and, upon order, to remove non-compliant products. Amazon required GPSR documentation within 48 hours in July 2024. The CRA follows the same enforcement mechanism. When enforcement begins on 11 December 2027, marketplace compliance requirements will follow.

Am I the manufacturer if I use OEM products with my brand?

Yes. Article 3(13) of Regulation (EU) 2024/2847 defines the manufacturer as the natural or legal person who places a product on the market under their name or trademark. If your Amazon listing shows your brand name, you are the manufacturer for CRA purposes, regardless of who physically produced the device.

Can I use one dossier for product variations (color, size)?

If the variations share the same hardware, firmware and connectivity features, one dossier may cover all variations. If different ASINs have different firmware versions, different connectivity modules or different functionality, each needs its own Annex VII documentation.

What about products already listed on Amazon before December 2027?

Article 69 of Regulation (EU) 2024/2847 states that products placed on the market before 11 December 2027 are subject to the Regulation only where they undergo substantial modification after that date. However, new stock shipments after 11 December 2027 constitute new placement on the market.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.

What if the regulation changes?

Regenerate with the updated version at no additional cost during your licence period.

You sell connected devices on Amazon Germany under your own brand. The product ships from an FBA warehouse in Poland. Under Regulation (EU) 2024/2847, you are the manufacturer — Article 3(13) applies. Amazon will require proof of CRA compliance the way it required GPSR declarations in July 2024. CRACheck generates the 8 documents you need.

Amazon suspended thousands of listings in July 2024 when the General Product Safety Regulation entered into force. Sellers had 48 hours to upload compliance documentation or lose the Buy Box. The Cyber Resilience Act follows the same enforcement pattern: marketplace operators are obligated under Article 25 of Regulation (EU) 2024/2847 to cooperate with market surveillance authorities. Amazon will ask. The question is whether your documentation is ready when they do. CRACheck generates 8 PDF documents structured per Article 31 and Annex VII. 15-25 minutes. €149. No data leaves your browser.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

Art. 25

Marketplace obligations under CRA. Online marketplaces must cooperate with market surveillance authorities.

48h

Time Amazon gave sellers to upload GPSR documentation in July 2024. Expect the same for CRA.

€149

One CRACheck licence per product. 8 documents. Compare with €3K-€5K from a German compliance agency.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Identify which products have digital elements

Any product with a direct or indirect data connection: WiFi plugs, Bluetooth speakers, smart cameras, LED controllers with app, Zigbee sensors. If it connects, it is in scope per Article 2.1.

Classify each product

Use the free CRACheck classifier. Most consumer smart home products are Default or Important Class I. Smart cameras and smart locks fall under Class I (Annex III point 17). Routers fall under Class I (Annex III point 12).

Generate dossier for your top-selling ASIN

Enter your product data into CRACheck. 15-25 minutes. Download the 8-document ZIP.

Upload documentation to Amazon Seller Central

When Amazon opens the CRA compliance dashboard (as they did for GPSR), upload the Declaration of Conformity and technical documentation reference.

Repeat for remaining ASINs

Each ASIN with digital elements needs its own documentation. Volume pricing available: €1,199 for Professional Pack (70 generations).

Common mistakes

❌

ART. 3(13)

"I am a seller, not a manufacturer — the CRA does not apply to me"

If you place a product on the EU market under your own brand name, Article 3(13) of Regulation (EU) 2024/2847 classifies you as the manufacturer. It does not matter that the product was made by an OEM in Dongguan. You put your brand on the listing. You are the manufacturer. The documentation obligation under Article 31 and Annex VII is yours.

❌

LISTING RISK

"Amazon has not asked for CRA documentation yet, so I can wait"

Amazon did not ask for GPSR documentation until July 2024 — and then gave sellers 48 hours. Article 25 of Regulation (EU) 2024/2847 obliges online marketplace operators to cooperate with market surveillance authorities. When enforcement starts, Amazon will require documentation at scale. Preparing now means keeping your listings live when they do.

❌

ART. 31

"I can use my CE declaration to cover CRA compliance"

Your existing EU Declaration of Conformity under the RED or EMC Directive covers radio and electromagnetic requirements. Regulation (EU) 2024/2847 requires a separate declaration of conformity (Art. 28, Annex V) and separate technical documentation (Art. 31, Annex VII) covering cybersecurity requirements. They are not the same document. Amazon will need both.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Classification per Annex III. Determines your conformity assessment route. Amazon may use this to categorise your ASIN.

Technical Documentation

Art. 31 + Annex VII. The core document. Covers product description, development process, vulnerability handling, SBOM, risk assessment, standards, testing, declaration of conformity.

Risk Assessment

Art. 13.2-13.3. Cybersecurity risk analysis mapped to Annex I Part I requirements. Documents the risks you have assessed and mitigated.

User Information

Annex II. Instructions for end users on secure configuration, support period, vulnerability reporting, data protection and secure disposal.

Declaration of Conformity

Art. 28 + Annex V. The document Amazon is most likely to request first. States your product conforms to the CRA.

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II. Establishes the public channel through which security researchers can report vulnerabilities.

Notification Template

Art. 14. Pre-structured notification form for the 24h/72h/14-day reporting timeline.

Obligations Calendar

Key dates: Art. 14 from 11 September 2026, full enforcement 11 December 2027, your product's support period.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 GERMAN COMPLIANCE AGENCY

€3,000–€5,000

Per product. 4-8 weeks. Requires sending product samples and technical files.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history