Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your dashcam records video, connects to a companion app over WiFi and uploads footage to the cloud. Your GPS tracker transmits real-time location via LTE to a fleet management platform. Both are products with digital elements under Article 2.1 of Regulation (EU) 2024/2847. Location data and video recordings require protection under Annex I. CRACheck generates the Annex VII documentation.

Dashcams and GPS trackers process two of the most sensitive data categories: location and video. A compromised GPS tracker reveals a person's or vehicle's real-time position. A compromised dashcam exposes video footage of the driver's surroundings. EU fleet operators, logistics companies and consumer buyers will require CRA documentation. GPS trackers for children fall under Annex III point 19 as Class I. Most consumer dashcams and adult GPS trackers are Default. CRACheck generates 8 PDF documents per Annex VII. 15-25 minutes. €149 per product. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Location + video
Dashcams and GPS trackers process the most sensitive data categories. Annex I mandates protection.
Default / Class I
Consumer dashcam = Default. Children's GPS tracker = Class I (Annex III.19).
€149
Per product model. Documentation covering LTE, GPS, camera, cloud and companion app.

CRA documentation for dashcams and GPS trackers from China

Location data is personal data. Video is personal data. CRA documentation protects both.

1
Classify your product
Consumer dashcam: Default. Fleet GPS tracker: Default. Children's GPS tracker: Class I (Annex III.19). Pet tracker: Default.
2
Map data exposure
GPS coordinates, video footage, audio recordings, accelerometer data, SIM card identity, cloud API access, companion app credentials.
3
Generate CRA dossier
Enter product specifications into CRACheck. 15-25 minutes.
4
Document LTE/4G security
SIM authentication, data encryption in transit, cloud API authentication, server-side access control.
5
Deliver to EU customers
Fleet operators, Amazon buyers, logistics distributors.

Location data is personal data. Video is personal data. CRA documentation protects both.

Dashcam and GPS tracker CRA mistakes

ANNEX I, PART I, 1(c)

Our GPS tracker sends encrypted location data — security is handled

Encryption in transit is one element. Annex I Part I point 1(c) requires protection of confidentiality of stored, transmitted and processed data. If your tracker stores location history in unencrypted flash memory, or if the cloud API allows unauthenticated access to historical location data, the product does not meet Annex I requirements. Document the full data lifecycle.

ANNEX III.19

Our children's GPS watch is a consumer product, not a regulated device

Annex III point 19 explicitly covers "personal wearable products that are intended for the use by and for children." A GPS watch marketed for children's safety is Class I. The child-safety context elevates the classification regardless of the product's technical simplicity.

ART. 14

A dashcam vulnerability is not a cybersecurity incident worth reporting

If a vulnerability in your dashcam's firmware allows remote access to video footage or real-time camera feed, it is a cybersecurity incident affecting privacy. Article 14 requires notification to ENISA within 24 hours of becoming aware of active exploitation. Dashcam vulnerabilities have been publicly demonstrated by security researchers.

What each CRACheck dossier contains: 8 documents

Dashcams and GPS trackers combine camera, location, LTE/WiFi and cloud connectivity. CRACheck generates 8 documents covering the full digital surface.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for dashcam/tracker CRA documentation

🧾 AUTOMOTIVE/FLEET COMPLIANCE CONSULTANCY
€8,000–€15,000
Per product model. 3-6 months.
✓ CRACHECK
€149
8 documents. 15 min. Location + camera documentation.

Cybersecurity documentation vs. privacy compliance

● LAYER 1

What CRACheck does

Generates Annex VII documentation for your dashcam or GPS tracker. Covers GPS, LTE, camera, cloud storage, companion app and OTA updates.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not perform GDPR Data Protection Impact Assessment for location tracking, test your cloud API security or scan your companion app. CRA documentation is one layer. Privacy assessment is separate.

We document cybersecurity. You handle privacy compliance.

CRA penalty regime — Article 64 of Regulation (EU) 2024/2847

Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I) and Art. 13/14 obligations
€15M / 2.5%

Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.

🇪🇺
Non-compliance with technical documentation (Art. 31), authorised representative (Art. 18), conformity assessment (Art. 32)
€10M / 2%

Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.

🇪🇺
Supply of incorrect, incomplete or misleading information to authorities
€5M / 1%

Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.

Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.

Alternatives

AlternativeCostWhat you get
Fleet compliance consultancy€8,000–€15,0003-6 months.
Rely on LTE operator security€0Network security ≠ product security. Separate obligations.
Document only fleet trackers, skip dashcamsVariableBoth are products with digital elements. Both need documentation.
CRACheck€1498 docs. 15 min. Per product model.

Your product line includes dashcams, fleet trackers and personal trackers?

Each product model needs its own CRA dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request volume pricing
Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Is a dashcam without cloud connectivity in scope?
If the dashcam has WiFi (even if only for connecting to the companion app to download footage), it has a data connection under Art. 2.1. A dashcam that records to SD card only, with no WiFi, no Bluetooth and no app, may not be a product with digital elements.
Does a pet GPS tracker fall under Annex III?
Pet trackers are not children's wearables (Annex III.19) and do not have security functionalities (Annex III.17). They are Default products. Module A self-assessment applies.
Our fleet tracker integrates with third-party fleet management platforms — who documents what?
Your CRA documentation covers the tracker as a product with digital elements. The fleet management platform is a separate product. If the platform is part of your offering and essential for the tracker's function (Art. 3(1) includes "remote data processing solutions"), document the platform's cybersecurity properties within your Annex VII.
What support period for a dashcam?
Consumer dashcams are used for 3-5 years. Fleet dashcams for 5-7 years. Art. 13.8 requires the support period to reflect expected use. Document the period you commit to providing security updates.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.
Can I request a refund?
Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.
What if the regulation changes?
If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your dashcam and GPS tracker process location and video data. CRA documentation is mandatory. Generate it — 15 minutes, €149.

€149 one-time payment
8 professional documents · 15-25 minutes · No subscription · 100% in your browser
Generate CRA dossier — €149

Related landings

🚁 Drone

CRA drone manufacturer China EU compliance
⌚ Wearable

CRA wearable fitness tracker manufacturer China
🏭 IoT

CRA compliance China manufacturer IoT device EU market 2027
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history