Do I need CRA certification or CRA documentation?

For Default products (90% of IoT), you need documentation + self-assessment (Module A). No external certification. For Class I without harmonised standards, Class II and Critical products, you need external assessment (notified body or certification body) plus documentation. In all cases, Annex VII documentation is required.

How much does full EU market access cost for an IoT product?

CRA documentation: €149 (CRACheck). CE testing (EMC/RED): €1,000-€3,000 (local Chinese lab). RoHS/REACH: €500-€1,500 (local lab). Total: approximately €1,500-€5,000 depending on product complexity. Compare with €15,000-€30,000 for a European consultant to handle everything.

Can I sell on Amazon EU without CRA documentation?

After 11 December 2027, Amazon will require CRA compliance documentation for connected products, as they required GPSR documentation in July 2024. Without documentation, your listing risks suspension.

I am a one-person startup — does CRA still apply?

Yes. Art. 2.1 applies regardless of company size. However, Art. 64.5(c) considers company size for fine calculation, and Art. 64.10 provides derogations for micro and small enterprises. The documentation obligation is the same; the penalty is proportional.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.

Can I request a refund?

Pursuant to Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content, waiving the 14-day withdrawal period. Refunds are accepted only for reproducible technical failures.

What if the regulation changes?

If the regulation changes during the validity of your licence, you can regenerate the document with the updated version of the generator at no additional cost.

You have an IoT product in China and want to sell it in Europe. You have heard about "CRA certification." Here is the precise picture: Regulation (EU) 2024/2847 requires conformity assessment — not certification — for most products. 90% of IoT devices are Default products eligible for Module A self-assessment. You assess conformity yourself, produce technical documentation under Annex VII, draft the Declaration of Conformity, affix CE marking and sell. CRACheck generates the documentation.

The term "CRA certification" is commonly used but technically imprecise. The Cyber Resilience Act uses "conformity assessment." For Default products — which include approximately 90% of IoT devices — conformity assessment is Module A: internal control. You, the manufacturer, assess whether your product meets the essential cybersecurity requirements of Annex I, produce technical documentation under Annex VII, draft the EU Declaration of Conformity under Annex V and affix CE marking. No external body is required for Default products. CRACheck generates the 8 documents you need. 15-25 minutes. €149. Browser-side.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15-25 minutes · Browser-side

Key numbers

90%

Of IoT products are Default. Module A self-assessment. No external certification body needed.

8 documents

CRACheck generates the complete Annex VII dossier. The documentation you need for CE marking.

€149

Total cost for CRA documentation. Compare with €10K+ for a consultancy engagement.

Step-by-step: CRA compliance for your IoT product from China to Europe

Seven steps. One afternoon. €149. Your IoT product is ready for the EU market.

Check if your product is in scope

Does it have a data connection (WiFi, Bluetooth, Zigbee, LTE, Ethernet)? If yes, it is a product with digital elements under Art. 2.1. CRA applies.

Classify your product

Use the free CRACheck classifier. Default = Module A (self-assessment). Class I = Module A if harmonised standards applied, otherwise notified body. Class II = always notified body. Critical = certification.

Generate Annex VII documentation

Enter your product data into CRACheck. 15-25 minutes. Download 8 PDFs.

Review the documentation

Check that all specifications are accurate. CRACheck allows 10 regenerations.

Draft the Declaration of Conformity

CRACheck generates this as Doc 5. Sign it as manufacturer.

Affix CE marking

Your product now bears CE marking covering Regulation (EU) 2024/2847.

Sell in Europe

Ship to EU distributors, list on Amazon EU, sell via your own website. Include documentation in the product file.

Seven steps. One afternoon. €149. Your IoT product is ready for the EU market.

First-time exporter CRA mistakes

❌

TERMINOLOGY

I need CRA certification from a European lab

For Default products (90% of IoT devices), no external certification or lab is required. Module A under Art. 32.1(a) is self-assessment: you produce the documentation, you declare conformity, you affix CE marking. A lab or notified body is only required for Important Class I without harmonised standards (Art. 32.2), Class II (Art. 32.3) or Critical (Art. 32.4).

❌

ART. 30

I already have CE marking from my EMC lab — I am covered

Your existing CE marking covers EMC (2014/30/EU) and possibly RED (2014/53/EU). CE marking under the CRA is a separate conformity declaration for Regulation (EU) 2024/2847. You keep one CE mark, but it must now cover CRA alongside your existing directives. The technical documentation under Annex VII is additional.

❌

SCOPE

My product is too small/simple for CRA — it is just a Bluetooth sensor

Art. 2.1 covers all products with digital elements that have a data connection. A Bluetooth sensor has a data connection. Size and simplicity do not exempt it. The CRA compliance path for a simple Default product is proportional: Module A, 8 documents, 15 minutes, €149.

What each CRACheck dossier contains: 8 documents

First time exporting to the EU? Here is what each document does and why you need it.

Product Classifier

Determines product category per Annex III. Defines conformity assessment route under Art. 32.

Technical Documentation

Complete technical documentation structured per Art. 31 and Annex VII. All 8 mandatory sections.

Risk Assessment

Cybersecurity risk assessment per Art. 13.2 and Art. 13.3. Mapped against Annex I Part I requirements.

User Information

Information and instructions per Annex II. Security properties, support period, vulnerability reporting.

Declaration of Conformity

EU declaration of conformity per Art. 28 and Annex V.

CVD Policy

Coordinated Vulnerability Disclosure policy per Annex I Part II.

ENISA Notification Template

Pre-structured for 24h early warning, 72h notification, 14-day final report under Art. 14.

Obligations Calendar

Key dates: Art. 14 from 11 Sep 2026, full enforcement 11 Dec 2027, support period per Art. 13.8.

Mira antes de comprar — Descargar dossier de muestra (PDF, empresa ficticia) — Estructura real, artículos reales, formato real. Datos ficticios.

Generated in your browser. No product data is transmitted to any server.

What CRA compliance actually costs

🧾 HIRE A EUROPEAN CONSULTANT TO GUIDE YOU THROUGH CRA

€5,000–€15,000

2-4 months. Assumes you already know EU regulation. You do not.

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history