What are the 10 content categories of Annex VII?

Annex VII requires: (1) general product description, (2) design and development information including SBOM, (3) cybersecurity risk assessment, (4) applied harmonised standards, (5) EU Declaration of Conformity or reference, (6) conformity assessment module documentation, (7) test reports, (8) vulnerability handling procedures, (9) support period and update mechanisms, (10) any other information relevant to demonstrating conformity.

Can I use CRACheck's output directly with a Notified Body?

CRACheck generates the documentation structure. For Important Class II or Critical products, the Notified Body will review the technical file. CRACheck's output provides the structured foundation for that review.

What language should the technical documentation be in?

Article 31(7) states that the technical documentation shall be drawn up in one of the official languages of the EU. Market surveillance authorities may request a translation. CRACheck generates documentation in English.

Is this a subscription?

No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours permanently.

Can I request a refund?

Under Art. 16(m) of Directive (EU) 2011/83, activating the licence constitutes express consent for immediate generation of digital content, waiving the 14-day withdrawal right. Refunds are only processed for reproducible technical failures.

What if the regulation changes?

If Regulation (EU) 2024/2847 is amended during your licence window, you can regenerate the documentation using the updated version of the generator at no additional cost.

Annex VII of Regulation (EU) 2024/2847 requires technical documentation covering 10 content categories — from general product description to cybersecurity risk assessment to conformity assessment references. Article 31 says this documentation must be drawn up before the product is placed on the EU market. CRACheck generates the complete Annex VII structure from your input data.

Q: How long must I retain the technical documentation?

Article 31(4) requires that the technical documentation be kept at the disposal of market surveillance authorities for 10 years after the product has been placed on the market.

The technical documentation under Art. 31 is the backbone of your CRA compliance file. Without it, you cannot declare conformity under Art. 28, apply CE marking under Art. 30, or pass a market surveillance inspection under Art. 52. Annex VII requires: general description, design and development details (including SBOM), cybersecurity risk assessment, applied harmonised standards, test results, conformity assessment documentation, vulnerability handling procedures, and support period information. CRACheck structures all 10 categories into one cohesive document package. €149 per product. 15–25 minutes. Browser-side.

Generate CRA dossier — €149 Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Key figures

10 categories

Annex VII requires 10 distinct content categories in the technical documentation

Art. 31

Documentation must be drawn up before the product is placed on the market and kept updated throughout the support period

10 years

Art. 31(4): technical documentation must be kept at the disposal of market surveillance authorities for 10 years

How CRACheck structures the Annex VII documentation

General product description

Enter product name, type, intended purpose, and hardware/software versions. Maps to Annex VII, Section 1.

Design and development information

Provide architecture details, development methodology, cybersecurity-by-design measures, SBOM reference. Maps to Section 2.

Cybersecurity risk assessment

CRACheck structures the risk assessment against Annex I (Part I + Part II). Maps to Section 3.

Applied standards and specifications

Indicate harmonised standards, technical specifications, or other normative references applied. Maps to Section 4.

Conformity assessment documentation

CRACheck populates the conformity assessment module reference based on your product classification. Maps to Sections 5–7.

Vulnerability handling and support

Document vulnerability handling procedures, support period, and update delivery mechanisms. Maps to Sections 8–10.

Download complete file

8 PDFs including the Technical Documentation as the central document.

Common mistakes

❌

ANNEX VII

"We'll use our existing CE technical file."

The CRA's Annex VII is specific to cybersecurity for products with digital elements. Existing CE technical files under RED, LVD, or Machinery Regulation cover different requirements. The CRA technical file is a separate document.

❌

ART. 31(1)

"We can write the documentation after launch and backdate it."

Article 31(1) states: the technical documentation shall be drawn up before the product is placed on the market. Backdating is a misrepresentation — sanctionable under Art. 64(3).

❌

ANNEX VII

"A 5-page summary is sufficient."

Annex VII lists 10 content categories, several with multiple sub-requirements. A summary does not satisfy the structure. Market surveillance authorities expect each category addressed explicitly.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

Product Classifier

Classification determining conformity assessment references in the Technical Documentation.

Technical Documentation

Primary deliverable. Complete Art. 31 + Annex VII file covering all 10 content categories.

Risk Assessment

Cybersecurity risk assessment forming Section 3 of the Technical Documentation.

User Information

Annex II document referenced in the Technical Documentation.

Declaration of Conformity

Art. 28 + Annex V. Cross-referenced in the Technical Documentation.

CVD Policy

Art. 13(6). Referenced in the vulnerability handling section.

Notification Template

Art. 14. Referenced in incident response procedures. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

Obligations Calendar

Includes documentation update milestones and 10-year retention obligation.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 TECHNICAL DOCUMENTATION CONSULTANCY

€8,000–€25,000 per product

6–16 weeks

Multiple stakeholder interviews

Delivered in the consultant's format

✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history