Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your EV wallbox charger connects to WiFi, communicates with the vehicle via OCPP, manages energy via the companion app and receives firmware updates over the air. A cybersecurity vulnerability in an EV charger does not just expose user data — it can affect grid stability. Regulation (EU) 2024/2847 classifies EV chargers as products with digital elements. Annex VII technical documentation is mandatory. CRACheck generates it.

The European EV charging infrastructure rollout means millions of connected chargers on the grid by 2027. Each one is a network endpoint that manages energy flows, user authentication and billing data. Regulation (EU) 2024/2847 applies to all products with digital elements on the EU market — EV chargers included. If your charger integrates a smart meter gateway, it may fall under Annex IV point 2 (Critical product). Most home wallboxes without smart meter gateway integration are Default products. CRACheck generates 8 PDF documents per Article 31 and Annex VII. 15-25 minutes. €149. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Grid-connected
EV chargers manage energy flows. A cybersecurity breach can affect grid stability. High-scrutiny category.
Default / Critical
Home wallbox = typically Default. Charger with smart meter gateway = may be Critical (Annex IV.2).
€149
Per charger model. CRA documentation covering OCPP, WiFi/LTE, billing, energy management.

CRA compliance for a Chinese EV charger manufacturer

The EU energy transition runs on connected devices. Every charger needs CRA documentation.

1
Classify your charger
Home wallbox without smart meter gateway: Default. Charger with smart meter gateway: may be Critical under Annex IV point 2. Commercial DC fast charger: Default unless it integrates smart metering.
2
Map digital interfaces
WiFi/LTE/Ethernet, OCPP communication, RFID/NFC authentication, companion app, cloud energy management platform, OTA firmware, billing/payment processing.
3
Generate CRA dossier
Enter your charger's cybersecurity specifications into CRACheck. 15-25 minutes.
4
Verify conformity assessment route
Default: Module A. Critical (Annex IV): certification required under Art. 32.4. Check whether your charger includes a smart meter gateway.
5
Deliver to EU CPO partners
Charge Point Operators, energy utilities and installers will require CRA documentation.

The EU energy transition runs on connected devices. Every charger needs CRA documentation.

EV charger CRA mistakes

ANNEX IV.2

Our wallbox is just a charging device — it is not a critical product

Annex IV point 2 of Regulation (EU) 2024/2847 lists "smart meter gateways within smart metering systems" as Critical products. If your wallbox integrates a smart meter gateway for energy management, it falls under Annex IV. If it communicates with the meter but does not contain a gateway function, it is likely Default. The distinction depends on architecture.

ANNEX I, PART I, 1(a)

OCPP handles security — it is an industry standard protocol

OCPP (Open Charge Point Protocol) defines communication between charger and central management system. OCPP 2.0.1 includes security profiles. But the CRA requires you to document your specific implementation: how you handle OCPP authentication, transport encryption, session management. Referencing OCPP alone does not satisfy Annex VII. Document your implementation.

ART. 13.8

We provide firmware updates for 2 years — same as other electronics

EV chargers are infrastructure devices expected to operate for 10-15 years. Article 13.8 requires the support period to reflect expected use. A 2-year support period for a product with a 10-year operational life leaves 8 years without security updates. Market surveillance authorities and CPO partners will question this.

What each CRACheck dossier contains: 8 documents

EV chargers sit at the intersection of energy infrastructure and consumer electronics. CRACheck generates 8 documents covering the cybersecurity of both dimensions.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for EV charger CRA documentation

🧾 EV CHARGING COMPLIANCE CONSULTANCY (EUROPE)
€15,000–€30,000
Per charger platform. Covers energy regulation + CRA. 4-8 months.
✓ CRACHECK
€149
8 CRA documents. 15 min. Energy regulation compliance handled separately.

Cybersecurity documentation vs. energy regulation

● LAYER 1

What CRACheck does

Generates Annex VII documentation for your EV charger. Covers OCPP, WiFi/LTE, authentication, billing, energy management and OTA updates.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not assess compliance with energy sector regulations (Directive (EU) 2019/944), payment card industry standards (PCI-DSS) or OCPP certification. CRA covers cybersecurity documentation. Energy and payment compliance are separate.

We document cybersecurity. You handle energy regulation.

CRA penalty regime — Article 64 of Regulation (EU) 2024/2847

Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I) and Art. 13/14 obligations
€15M / 2.5%

Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.

🇪🇺
Non-compliance with technical documentation (Art. 31), authorised representative (Art. 18), conformity assessment (Art. 32)
€10M / 2%

Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.

🇪🇺
Supply of incorrect, incomplete or misleading information to authorities
€5M / 1%

Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.

Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.

Alternatives

AlternativeCostWhat you get
EV charging compliance consultancy€15,000–€30,000CRA + energy regulation. 4-8 months.
Rely on OCPP certification€0 additionalOCPP covers protocol compliance. CRA covers product cybersecurity. Separate.
Wait for CPO partner to enforce€0 nowLose the tender. CPOs will buy from compliant manufacturers.
CRACheck€1498 CRA docs. 15 min. Per charger model.

Your charger lineup includes wallbox, portable and DC fast models?

Each charger model with different firmware, connectivity or digital capabilities needs its own CRA dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request volume pricing
Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Is my home wallbox Default or Critical under CRA?
Most home wallboxes are Default. Annex IV point 2 lists "smart meter gateways within smart metering systems." If your wallbox integrates a smart meter gateway function, it is Critical. If it communicates with external meters but the gateway is elsewhere, it is typically Default.
Does the CRA cover the billing/payment system?
If your charger processes payments, the payment-related digital elements are part of the product. Document the security of payment data handling in your Annex VII documentation. PCI-DSS compliance is separate from CRA but complementary.
What support period for an EV charger?
EV chargers are infrastructure devices with 10-15 year expected lifetimes. Art. 13.8 requires the support period to reflect expected use. A support period of 8-10 years of security updates is consistent with industry expectations.
Does the CRA apply if we sell the charger to a CPO (B2B) rather than a consumer?
Yes. Article 2.1 applies to products with digital elements made available on the EU market. It does not distinguish B2B from B2C. A charger sold to a CPO is placed on the EU market. CRA applies.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.
Can I request a refund?
Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.
What if the regulation changes?
If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your EV charger is a grid-connected product with digital elements. CRA documentation is mandatory. Generate it — 15 minutes, €149.

€149 one-time payment
8 professional documents · 15-25 minutes · No subscription · 100% in your browser
Generate CRA dossier — €149

Related landings

⚡ Smart Meter

CRA compliance smart meter gateway manufacturer China
🏭 IoT

CRA compliance China manufacturer IoT device EU market 2027
🏭 Dongguan

CRA compliance Dongguan Ningbo electronics factory EU export
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history