The CRA penalty regime is modelled on GDPR. Fines are calculated on worldwide annual turnover — not EU-specific revenue. Article 64.2 covers non-compliance with Annex I cybersecurity requirements and Articles 13/14 obligations: up to €15M or 2.5%. Article 64.3 covers non-compliance with documentation (Art. 31), declarations (Art. 28), conformity assessment (Art. 32) and authorised representative (Art. 18) obligations: up to €10M or 2%. Article 64.4 covers supply of incorrect information to authorities: up to €5M or 1%. The enforcement mechanism: EU market surveillance authorities can order product withdrawal under Art. 58 and impose fines under Art. 64. CRACheck generates 8 PDF documents demonstrating compliance with Art. 31 and Annex VII. 15-25 minutes. €149. The cheapest insurance against a €15M exposure.
€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side
The fine is on global turnover. The documentation costs €149. The arithmetic is simple.
The fine is on global turnover. The documentation costs €149. The arithmetic is simple.
Correct — direct enforcement against a company with no EU presence is difficult. But Article 64 fines are imposed on the economic operator in the EU: your importer, your authorised representative or the marketplace operator. If your EU importer faces a €10M fine under Art. 64.3 because you did not provide documentation, they will stop buying from you. The fine may not land on you directly. The commercial consequence does.
Article 64.5 requires consideration of all relevant circumstances including gravity, duration and company size. For an SME, the fine will be lower. For a large manufacturer with systematic non-compliance across multiple products, it can approach the maximum. The fine for a single documentation failure may be €50K-€500K — but the product withdrawal order under Art. 58 costs more in lost revenue.
Article 58 of Regulation (EU) 2024/2847 empowers market surveillance authorities to order product withdrawal, recall and prohibition of making available. The fine is one consequence. Product withdrawal from the EU market is another. You cannot "absorb" a market withdrawal — it means your product cannot be sold in the EU until compliance is demonstrated.
Documentation is the first line of defense against CRA penalties. If market surveillance requests your Annex VII documentation and you can provide it, the investigation often ends there. If you cannot, enforcement escalates.
Determines product category per Annex III. Defines conformity assessment route under Art. 32.
Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.
Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.
Information and instructions per Annex II. Security properties, support period, vulnerability reporting.
EU declaration of conformity per Art. 28 and Annex V.
Coordinated Vulnerability Disclosure policy per Annex I Part II.
Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.
Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.
Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.
Generated in your browser. No product data is transmitted to any server.
Generates the Annex VII documentation that market surveillance authorities will request first. Having it ready prevents escalation from inquiry to enforcement.
CRACheck does not provide legal defense, represent you before market surveillance authorities or guarantee that no fine will be imposed. It generates documentation. Documentation is the first compliance checkpoint.
We generate documentation. You avoid the enforcement chain.
Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.
Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.
Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.
Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.
Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.
| Alternative | Cost | What you get |
|---|---|---|
| React after enforcement action | €50,000–€15,000,000 | Fine + withdrawal + legal costs + reputational damage. |
| Hire compliance counsel after market surveillance contact | €20,000–€100,000 | Rush legal engagement. Damage already done. |
| Hope enforcement is slow | €0 now | 27 EU member states × multiple market surveillance authorities. Random inspection risk. |
| CRACheck before enforcement | €149 | 8 docs. 15 min. Ready before any authority asks. |
Each non-compliant product is a separate enforcement risk. Document all your EU products. Volume pricing: €99/product (10-pack), €79/product (30-pack).
Request volume pricingCRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.
We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.
CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.