Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

You have an IoT product in China and want to sell it in Europe. You have heard about "CRA certification." Here is the precise picture: Regulation (EU) 2024/2847 requires conformity assessment — not certification — for most products. 90% of IoT devices are Default products eligible for Module A self-assessment. You assess conformity yourself, produce technical documentation under Annex VII, draft the Declaration of Conformity, affix CE marking and sell. CRACheck generates the documentation.

The term "CRA certification" is commonly used but technically imprecise. The Cyber Resilience Act uses "conformity assessment." For Default products — which include approximately 90% of IoT devices — conformity assessment is Module A: internal control. You, the manufacturer, assess whether your product meets the essential cybersecurity requirements of Annex I, produce technical documentation under Annex VII, draft the EU Declaration of Conformity under Annex V and affix CE marking. No external body is required for Default products. CRACheck generates the 8 documents you need. 15-25 minutes. €149. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 8 documents · 100% browser-side

Key numbers

90%
Of IoT products are Default. Module A self-assessment. No external certification body needed.
8 documents
CRACheck generates the complete Annex VII dossier. The documentation you need for CE marking.
€149
Total cost for CRA documentation. Compare with €10K+ for a consultancy engagement.

Step-by-step: CRA compliance for your IoT product from China to Europe

Seven steps. One afternoon. €149. Your IoT product is ready for the EU market.

1
Check if your product is in scope
Does it have a data connection (WiFi, Bluetooth, Zigbee, LTE, Ethernet)? If yes, it is a product with digital elements under Art. 2.1. CRA applies.
2
Classify your product
Use the free CRACheck classifier. Default = Module A (self-assessment). Class I = Module A if harmonised standards applied, otherwise notified body. Class II = always notified body. Critical = certification.
3
Generate Annex VII documentation
Enter your product data into CRACheck. 15-25 minutes. Download 8 PDFs.
4
Review the documentation
Check that all specifications are accurate. CRACheck allows 10 regenerations.
5
Draft the Declaration of Conformity
CRACheck generates this as Doc 5. Sign it as manufacturer.
6
Affix CE marking
Your product now bears CE marking covering Regulation (EU) 2024/2847.
7
Sell in Europe
Ship to EU distributors, list on Amazon EU, sell via your own website. Include documentation in the product file.

Seven steps. One afternoon. €149. Your IoT product is ready for the EU market.

First-time exporter CRA mistakes

TERMINOLOGY

I need CRA certification from a European lab

For Default products (90% of IoT devices), no external certification or lab is required. Module A under Art. 32.1(a) is self-assessment: you produce the documentation, you declare conformity, you affix CE marking. A lab or notified body is only required for Important Class I without harmonised standards (Art. 32.2), Class II (Art. 32.3) or Critical (Art. 32.4).

ART. 30

I already have CE marking from my EMC lab — I am covered

Your existing CE marking covers EMC (2014/30/EU) and possibly RED (2014/53/EU). CE marking under the CRA is a separate conformity declaration for Regulation (EU) 2024/2847. You keep one CE mark, but it must now cover CRA alongside your existing directives. The technical documentation under Annex VII is additional.

SCOPE

My product is too small/simple for CRA — it is just a Bluetooth sensor

Art. 2.1 covers all products with digital elements that have a data connection. A Bluetooth sensor has a data connection. Size and simplicity do not exempt it. The CRA compliance path for a simple Default product is proportional: Module A, 8 documents, 15 minutes, €149.

What each CRACheck dossier contains: 8 documents

First time exporting to the EU? Here is what each document does and why you need it.

1

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

2

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

3

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

4

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

5

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

6

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

7

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

8

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What CRA compliance actually costs

🧾 HIRE A EUROPEAN CONSULTANT TO GUIDE YOU THROUGH CRA
€5,000–€15,000
2-4 months. Assumes you already know EU regulation. You do not.
✓ CRACHECK
€149
8 documents. 15 min. Guided process. No prior EU regulation knowledge needed.

CRA documentation vs. full CE compliance

● LAYER 1

What CRACheck does

Guides you through the CRA documentation process step by step. Generates 8 professional PDF documents. For Default products, this is all you need for CRA compliance.

∅ LAYER 2

What CRACheck does NOT do

CRACheck does not handle EMC testing, RED radio certification, LVD safety testing or any physical product testing. For a complete CE dossier, you also need these — your local testing lab handles them.

CRACheck handles CRA. Your testing lab handles EMC/RED/LVD. Together, your EU market access is complete.

CRA penalty regime — Article 64 of Regulation (EU) 2024/2847

Article 64 establishes three tiers of administrative fines. Penalties are calculated per undertaking — but non-compliance on a single product can trigger inspection of your entire portfolio.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I) and Art. 13/14 obligations
€15M / 2.5%

Art. 64.2. Up to €15 million or 2.5% of total worldwide annual turnover, whichever is higher.

🇪🇺
Non-compliance with technical documentation (Art. 31), authorised representative (Art. 18), conformity assessment (Art. 32)
€10M / 2%

Art. 64.3. Up to €10 million or 2% of total worldwide annual turnover, whichever is higher. Includes failure to produce Annex VII documentation.

🇪🇺
Supply of incorrect, incomplete or misleading information to authorities
€5M / 1%

Art. 64.4. Up to €5 million or 1% of total worldwide annual turnover, whichever is higher.

Art. 64.5 accounts for the nature, gravity and duration of the infringement, and gives consideration to microenterprises, small and medium-sized enterprises, including start-ups.

Alternatives

AlternativeCostWhat you get
European regulatory consultant€5,000–€15,000Full guidance. 2-4 months.
Read the Regulation yourself€0 + weeks81 pages of regulatory text. High risk of misinterpretation.
Skip CRA and hope nobody checks€0 nowUp to €10M fine. Product withdrawal. EU market ban.
CRACheck€149Guided process. 8 docs. 15 min. No prior EU knowledge needed.

Planning to launch multiple IoT products in Europe?

Each product needs its own CRA dossier. Volume pricing: €99/product (10-pack), €79/product (30-pack).

Request volume pricing
Response within one business day.

What CRACheck guarantees and what it does not

CRACheck generates a structured document according to Article 31 and Annex VII of Regulation (EU) 2024/2847 from the information you provide. The accuracy, completeness and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions

Do I need CRA certification or CRA documentation?
For Default products (90% of IoT), you need documentation + self-assessment (Module A). No external certification. For Class I without harmonised standards, Class II and Critical products, you need external assessment (notified body or certification body) plus documentation. In all cases, Annex VII documentation is required.
How much does full EU market access cost for an IoT product?
CRA documentation: €149 (CRACheck). CE testing (EMC/RED): €1,000-€3,000 (local Chinese lab). RoHS/REACH: €500-€1,500 (local lab). Total: approximately €1,500-€5,000 depending on product complexity. Compare with €15,000-€30,000 for a European consultant to handle everything.
Can I sell on Amazon EU without CRA documentation?
After 11 December 2027, Amazon will require CRA compliance documentation for connected products, as they required GPSR documentation in July 2024. Without documentation, your listing risks suspension.
I am a one-person startup — does CRA still apply?
Yes. Art. 2.1 applies regardless of company size. However, Art. 64.5(c) considers company size for fine calculation, and Art. 64.10 provides derogations for micro and small enterprises. The documentation obligation is the same; the penalty is proportional.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.
Can I request a refund?
Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.
What if the regulation changes?
If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Your first IoT product for Europe. CRA documentation in 15 minutes. €149. Start now.

€149 one-time payment
8 professional documents · 15-25 minutes · No subscription · 100% in your browser
Generate CRA dossier — €149

Related landings

🏭 China IoT

CRA compliance China manufacturer IoT device EU market 2027
🏠 CE Marking

CE marking CRA smart home device China exporter EU
🔐 Module A

CRA self-assessment Module A default product China manufacturer
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history