Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your dashcam records video, connects to a companion app over WiFi and uploads footage to the cloud. Your GPS tracker transmits real-time location via LTE to a fleet management platform. Both are products with digital elements under Article 2.1 of Regulation (EU) 2024/2847. Location data and video recordings require protection under Annex I. CRACheck generates the Annex VII documentation.

Dashcams and GPS trackers process two of the most sensitive data categories: location and video. A compromised GPS tracker reveals a person's or vehicle's real-time position. A compromised dashcam exposes video footage of the driver's surroundings. EU fleet operators, logistics companies and consumer buyers will require CRA documentation. GPS trackers for children fall under Annex III point 19 as Class I. Most consumer dashcams and adult GPS trackers are Default. CRACheck generates 8 PDF documents per Annex VII. 15-25 minutes. €149 per product. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Location + video
Dashcams and GPS trackers process the most sensitive data categories. Annex I mandates protection.
Default / Class I
Consumer dashcam = Default. Children's GPS tracker = Class I (Annex III.19).
€149
Per product model. Documentation covering LTE, GPS, camera, cloud and companion app.

CRA documentation for dashcams and GPS trackers from China

Location data is personal data. Video is personal data. CRA documentation protects both.

1
Classify your product
Consumer dashcam: Default. Fleet GPS tracker: Default. Children's GPS tracker: Class I (Annex III.19). Pet tracker: Default.
2
Map data exposure
GPS coordinates, video footage, audio recordings, accelerometer data, SIM card identity, cloud API access, companion app credentials.
3
Generate CRA dossier
Enter product specifications into CRACheck. 15-25 minutes.
4
Document LTE/4G security
SIM authentication, data encryption in transit, cloud API authentication, server-side access control.
5
Deliver to EU customers
Fleet operators, Amazon buyers, logistics distributors.

Location data is personal data. Video is personal data. CRA documentation protects both.

Dashcam and GPS tracker CRA mistakes

ANNEX I, PART I, 1(c)

Our GPS tracker sends encrypted location data — security is handled

Encryption in transit is one element. Annex I Part I point 1(c) requires protection of confidentiality of stored, transmitted and processed data. If your tracker stores location history in unencrypted flash memory, or if the cloud API allows unauthenticated access to historical location data, the product does not meet Annex I requirements. Document the full data lifecycle.

ANNEX III.19

Our children's GPS watch is a consumer product, not a regulated device

Annex III point 19 explicitly covers "personal wearable products that are intended for the use by and for children." A GPS watch marketed for children's safety is Class I. The child-safety context elevates the classification regardless of the product's technical simplicity.

ART. 14

A dashcam vulnerability is not a cybersecurity incident worth reporting

If a vulnerability in your dashcam's firmware allows remote access to video footage or real-time camera feed, it is a cybersecurity incident affecting privacy. Article 14 requires notification to ENISA within 24 hours of becoming aware of active exploitation. Dashcam vulnerabilities have been publicly demonstrated by security researchers.

What each CRACheck dossier contains: 8 documents

Dashcams and GPS trackers combine camera, location, LTE/WiFi and cloud connectivity. CRACheck generates 8 documents covering the full digital surface.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for dashcam/tracker CRA documentation

🧾 AUTOMOTIVE/FLEET COMPLIANCE CONSULTANCY
€8,000–€15,000
Per product model. 3-6 months.
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history