Article 64 of Regulation (EU) 2024/2847 establishes three tiers of administrative fines. The highest — €15 million or 2.5% of total worldwide annual turnover — applies to non-compliance with essential cybersecurity requirements and manufacturer obligations under Articles 13 and 14. The fine is calculated on global turnover, not EU revenue. If your company sells €200 million globally and 10% goes to the EU, the fine is based on €200 million. CRACheck generates the documentation that demonstrates compliance.

The CRA penalty regime is modelled on GDPR. Fines are calculated on worldwide annual turnover — not EU-specific revenue. Article 64.2 covers non-compliance with Annex I cybersecurity requirements and Articles 13/14 obligations: up to €15M or 2.5%. Article 64.3 covers non-compliance with documentation (Art. 31), declarations (Art. 28), conformity assessment (Art. 32) and authorised representative (Art. 18) obligations: up to €10M or 2%. Article 64.4 covers supply of incorrect information to authorities: up to €5M or 1%. The enforcement mechanism: EU market surveillance authorities can order product withdrawal under Art. 58 and impose fines under Art. 64. CRACheck generates 8 PDF documents demonstrating compliance with Art. 31 and Annex VII. 15-25 minutes. €149. The cheapest insurance against a €15M exposure.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Key numbers

€15M / 2.5%

Art. 64.2. Non-compliance with Annex I + Art. 13 + Art. 14. Highest tier.

€10M / 2%

Art. 64.3. Non-compliance with Art. 31 documentation, Art. 28 declaration, Art. 32 assessment.

€5M / 1%

Art. 64.4. Incorrect, incomplete or misleading information to authorities.

How CRA enforcement works for a Chinese manufacturer

The fine is on global turnover. The documentation costs €149. The arithmetic is simple.

Market surveillance authority identifies non-compliance

EU national authorities inspect products on the EU market. They can request documentation from the manufacturer or the EU importer.

Documentation request

The authority requests your Annex VII technical documentation, Declaration of Conformity and evidence of conformity assessment. If you cannot provide it, non-compliance is established.

Corrective action order

Art. 58: the authority can order withdrawal, recall or restriction of the product from the EU market.

Fine calculation

Art. 64.5 considers the nature, gravity and duration of the infringement, whether fines have been applied before, the size of the undertaking including consideration for SMEs and start-ups.

Enforcement against non-EU manufacturers

Fines are imposed on the economic operator placing the product on the EU market. For non-EU manufacturers, enforcement typically flows through the EU importer or authorised representative. The importer faces fines for their Art. 19 obligations.

The fine is on global turnover. The documentation costs €149. The arithmetic is simple.

Penalty misconceptions

❌

ART. 64

EU authorities cannot fine a Chinese company — we are outside their jurisdiction

Correct — direct enforcement against a company with no EU presence is difficult. But Article 64 fines are imposed on the economic operator in the EU: your importer, your authorised representative or the marketplace operator. If your EU importer faces a €10M fine under Art. 64.3 because you did not provide documentation, they will stop buying from you. The fine may not land on you directly. The commercial consequence does.

❌

ART. 64.5

€15 million is the maximum — the actual fine will be much lower

Article 64.5 requires consideration of all relevant circumstances including gravity, duration and company size. For an SME, the fine will be lower. For a large manufacturer with systematic non-compliance across multiple products, it can approach the maximum. The fine for a single documentation failure may be €50K-€500K — but the product withdrawal order under Art. 58 costs more in lost revenue.

❌

ART. 58

A fine is just money — we can absorb it and continue selling

Article 58 of Regulation (EU) 2024/2847 empowers market surveillance authorities to order product withdrawal, recall and prohibition of making available. The fine is one consequence. Product withdrawal from the EU market is another. You cannot "absorb" a market withdrawal — it means your product cannot be sold in the EU until compliance is demonstrated.

What each CRACheck dossier contains: 8 documents

Documentation is the first line of defense against CRA penalties. If market surveillance requests your Annex VII documentation and you can provide it, the investigation often ends there. If you cannot, enforcement escalates.

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

€15 million or €149

🧾 POTENTIAL CRA FINE + PRODUCT WITHDRAWAL

€50,000–€15,000,000

Fine + lost EU revenue + reputational damage. Indefinite.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history