Are all cameras Class I under the CRA?

Annex III point 17 lists "security cameras" as Important Class I. A camera marketed exclusively as a webcam for video calls may not fall under this category. However, if the product can reasonably be used for home security monitoring — and most IP cameras can — market surveillance authorities may classify it as Class I. When in doubt, document as Class I.

When will CRA harmonised standards for cameras be available?

The European Commission has mandated CEN/CENELEC to develop harmonised standards under Regulation (EU) 2024/2847. The timeline for publication depends on the standardisation process. If harmonised standards are available and you apply them fully, Module A self-assessment is sufficient even for Class I. Monitor EUR-Lex and the Official Journal for publications.

Does the CRA cover the privacy aspects of cameras?

Regulation (EU) 2024/2847 covers cybersecurity, not data protection. GDPR covers privacy. However, Annex I Part I point 1(c) requires the product to protect the confidentiality of stored, transmitted and processed data — which overlaps with privacy. The CRA documentation addresses the cybersecurity dimension. Privacy compliance is separate.

Our camera connects to our proprietary cloud — does the cloud fall under CRA?

Article 3(1) defines a product with digital elements as including "remote data processing solutions." If your camera's functionality depends on a cloud service you provide, the cloud component is part of the product and must be documented. CRACheck covers the documentation of remote data processing solutions within the Technical Documentation.

Is this a subscription?

No. One-time payment. 30 days editing, 10 regenerations. PDF yours permanently.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83, licence activation constitutes express consent. Refunds only for reproducible technical failures.

What if the regulation changes?

Regenerate at no additional cost during licence validity.

Your IP camera is listed as Important Class I in Annex III point 17 of Regulation (EU) 2024/2847. "Smart home products with security functionalities, including security cameras" — that is the exact regulatory text. Class I means conformity assessment under Article 32.2 if harmonised standards are not applied. CRACheck generates the Annex VII technical documentation the notified body will review.

European hotel chains, office building managers and retail security integrators are adding CRA compliance clauses to their procurement specifications. An IP camera that cannot demonstrate Annex VII documentation will not pass procurement in 2027. Annex III point 17 of Regulation (EU) 2024/2847 classifies security cameras as Important Class I. If you have not applied the relevant harmonised standard in full, Art. 32.2 requires conformity assessment by a notified body — either Module B+C or Module H. The notified body needs your technical documentation. CRACheck generates it: 8 PDFs, 15-25 minutes, €149 per product.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key numbers

Class I

Security cameras — Annex III point 17. Important product with conformity assessment obligation.

Art. 32.2

Without harmonised standards: notified body assessment required (Module B+C or H).

€149

CRACheck generates the technical documentation. The notified body reviews it.

How CRACheck works

You enter your product data. CRACheck structures the documentation per Article 31 + Annex VII.

Confirm Class I classification

Annex III point 17: "smart home products with security functionalities, including security cameras." Your IP camera is Class I. No ambiguity.

Check harmonised standards

If harmonised standards under Regulation (EU) 2024/2847 are published and you apply them in full, Module A self-assessment is sufficient. If not published or not fully applied, you need a notified body.

Generate Annex VII documentation

CRACheck generates the 8-document dossier the notified body will review. Enter your camera's specifications: firmware, video processing, cloud connectivity, update mechanism, vulnerability handling.

Engage a notified body

Submit the documentation for Module B (EU-type examination) or Module H (full quality assurance) assessment.

Receive conformity certificate

The notified body issues the certificate. You update your declaration of conformity to reference Regulation (EU) 2024/2847.

Affix CE marking and ship

Your camera now carries CE marking covering RED + CRA. Ship to EU distributors with the complete documentation package.

Common mistakes

❌

ANNEX III.17

"Our camera is a simple consumer device — it is a Default product"

Annex III point 17 of Regulation (EU) 2024/2847 explicitly names "security cameras" as Important Class I products. The regulatory text does not distinguish between professional CCTV and consumer security cameras. If your product is marketed or can be used as a security camera, it is Class I.

❌

ART. 32.2

"We can self-assess our camera under Module A"

Module A self-assessment under Art. 32.1(a) applies to Default products or to Important Class I products where harmonised standards are fully applied. If the relevant CRA harmonised standard is not yet published or you have not applied it in full, Art. 32.2 requires conformity assessment by a notified body.

❌

ART. 14

"Vulnerability reporting is only for software companies"

Article 14 of Regulation (EU) 2024/2847 applies to manufacturers of all products with digital elements — including hardware manufacturers. If a vulnerability in your camera's firmware is actively exploited, you must notify ENISA and the designated CSIRT within 24 hours. This obligation applies from 11 September 2026.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Classifies camera as Class I per Annex III point 17. No ambiguity for security cameras.

Technical Documentation

Art. 31 + Annex VII. Covers video processing, cloud connectivity, encryption, firmware update architecture, access control.

Risk Assessment

Art. 13.2-13.3. Includes network exposure, unauthorized camera access, credential theft, firmware tampering.

User Information

Annex II. Privacy settings, recording notification, secure setup, vulnerability reporting, secure disposal.

Declaration of Conformity

Art. 28 + Annex V. References CRA alongside RED and any other applicable directives.

CVD Policy

Coordinated Vulnerability Disclosure for firmware vulnerabilities. Critical for cameras with cloud connectivity.

Notification Template

Art. 14 ENISA notification for camera-specific incidents and vulnerabilities.

Obligations Calendar

CRA dates with Class I notified body milestones and support period.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 NOTIFIED BODY + DOCUMENTATION PACKAGE

€8,000–€20,000

Documentation + assessment bundle. 3-6 months.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history