Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Annex III point 16 of Regulation (EU) 2024/2847 lists "smart home general purpose virtual assistants" as Important Class I. Your smart speaker integrates a voice assistant that controls other devices, answers questions and processes voice commands. It is not a simple Bluetooth speaker — it is a Class I product with digital elements. CRACheck generates the Annex VII technical documentation.

A smart speaker with a virtual assistant processes voice commands, manages smart home devices, accesses cloud services and often has an always-listening microphone. The cybersecurity surface is extensive: voice data privacy, authentication of connected devices, cloud API security, OTA firmware updates. Annex III point 16 classifies general-purpose virtual assistants as Class I. If harmonised standards are not fully applied, conformity assessment by a notified body is required under Article 32.2. CRACheck generates 8 PDF documents per Annex VII. 15-25 minutes. €149. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

Class I
General-purpose virtual assistants — Annex III point 16. Always-listening microphone = high cybersecurity scrutiny.
Voice data
Voice commands processed locally or in the cloud. Annex I requires data confidentiality.
€149
Per speaker model. Class I documentation for notified body review.

CRA documentation for a Chinese smart speaker with virtual assistant

A virtual assistant listens. CRA requires you to document how you secure what it hears.

1
Confirm Class I classification
General-purpose virtual assistant = Annex III point 16. If your speaker only plays Bluetooth audio without a VA, it is Default.
2
Map voice processing architecture
Wake word detection (local vs. cloud), voice command processing, device control protocols, cloud API calls, data retention, encryption.
3
Generate CRA dossier
Enter specifications into CRACheck. 15-25 minutes.
4
Engage notified body if needed
Without harmonised standards: Module B+C or Module H.
5
Document microphone behaviour
Always-listening, wake-word-only, manual activation. Users need clear documentation per Annex II.
6
Deliver to EU retail channels
Amazon, MediaMarkt, Fnac.

A virtual assistant listens. CRA requires you to document how you secure what it hears.

Smart speaker CRA mistakes

ANNEX III.16

Our speaker uses Alexa/Google — the platform vendor handles CRA

If your smart speaker integrates Alexa or Google Assistant, the platform vendor provides the VA service. But you are the manufacturer of the product with digital elements under Art. 3(13). Your hardware, your firmware, your WiFi module, your microphone, your OTA updates — all are your responsibility. The platform vendor's compliance does not cover your product.

ANNEX I, PART I, 1(c)

Voice data goes to Amazon/Google cloud — we do not process it

Annex I Part I point 1(c) requires protection of data confidentiality. Even if voice processing happens in the platform vendor's cloud, your product transmits the voice data over WiFi. The security of the transmission — encryption, authentication, channel integrity — is your responsibility. Document it.

ART. 13.8

If the platform vendor discontinues the VA service, that is not our problem

Art. 13.8 requires you to declare a support period. If the VA platform is discontinued within your support period, the product loses core functionality. Document the dependency on the platform and what happens to the product if the VA service is discontinued. Annex II requires informing users about the support period.

What each CRACheck dossier contains: 8 documents

Smart speakers with virtual assistants combine audio hardware, microphone privacy, cloud processing and smart home control. CRACheck documents all dimensions.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What you pay for smart speaker CRA documentation

🧾 SMART HOME CERTIFICATION + CRA CONSULTANCY
€10,000–€20,000
Per speaker platform. 3-6 months.
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history