Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your EV wallbox charger connects to WiFi, communicates with the vehicle via OCPP, manages energy via the companion app and receives firmware updates over the air. A cybersecurity vulnerability in an EV charger does not just expose user data — it can affect grid stability. Regulation (EU) 2024/2847 classifies EV chargers as products with digital elements. Annex VII technical documentation is mandatory. CRACheck generates it.

The European EV charging infrastructure rollout means millions of connected chargers on the grid by 2027. Each one is a network endpoint that manages energy flows, user authentication and billing data. Regulation (EU) 2024/2847 applies to all products with digital elements on the EU market — EV chargers included. If your charger integrates a smart meter gateway, it may fall under Annex IV point 2 (Critical product). Most home wallboxes without smart meter gateway integration are Default products. CRACheck generates 8 PDF documents per Article 31 and Annex VII. 15-25 minutes. €149. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Grid-connected
EV chargers manage energy flows. A cybersecurity breach can affect grid stability. High-scrutiny category.
Default / Critical
Home wallbox = typically Default. Charger with smart meter gateway = may be Critical (Annex IV.2).
€149
Per charger model. CRA documentation covering OCPP, WiFi/LTE, billing, energy management.

CRA compliance for a Chinese EV charger manufacturer

The EU energy transition runs on connected devices. Every charger needs CRA documentation.

1
Classify your charger
Home wallbox without smart meter gateway: Default. Charger with smart meter gateway: may be Critical under Annex IV point 2. Commercial DC fast charger: Default unless it integrates smart metering.
2
Map digital interfaces
WiFi/LTE/Ethernet, OCPP communication, RFID/NFC authentication, companion app, cloud energy management platform, OTA firmware, billing/payment processing.
3
Generate CRA dossier
Enter your charger's cybersecurity specifications into CRACheck. 15-25 minutes.
4
Verify conformity assessment route
Default: Module A. Critical (Annex IV): certification required under Art. 32.4. Check whether your charger includes a smart meter gateway.
5
Deliver to EU CPO partners
Charge Point Operators, energy utilities and installers will require CRA documentation.

The EU energy transition runs on connected devices. Every charger needs CRA documentation.

EV charger CRA mistakes

ANNEX IV.2

Our wallbox is just a charging device — it is not a critical product

Annex IV point 2 of Regulation (EU) 2024/2847 lists "smart meter gateways within smart metering systems" as Critical products. If your wallbox integrates a smart meter gateway for energy management, it falls under Annex IV. If it communicates with the meter but does not contain a gateway function, it is likely Default. The distinction depends on architecture.

ANNEX I, PART I, 1(a)

OCPP handles security — it is an industry standard protocol

OCPP (Open Charge Point Protocol) defines communication between charger and central management system. OCPP 2.0.1 includes security profiles. But the CRA requires you to document your specific implementation: how you handle OCPP authentication, transport encryption, session management. Referencing OCPP alone does not satisfy Annex VII. Document your implementation.

ART. 13.8

We provide firmware updates for 2 years — same as other electronics

EV chargers are infrastructure devices expected to operate for 10-15 years. Article 13.8 requires the support period to reflect expected use. A 2-year support period for a product with a 10-year operational life leaves 8 years without security updates. Market surveillance authorities and CPO partners will question this.

What each CRACheck dossier contains: 8 documents

EV chargers sit at the intersection of energy infrastructure and consumer electronics. CRACheck generates 8 documents covering the cybersecurity of both dimensions.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for EV charger CRA documentation

🧾 EV CHARGING COMPLIANCE CONSULTANCY (EUROPE)
€15,000–€30,000
Per charger platform. Covers energy regulation + CRA. 4-8 months.
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history