Reg (EU) 2024/2847Generate dossier — €149
LIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Annex VII of Regulation (EU) 2024/2847 requires technical documentation covering 10 content categories — from general product description to cybersecurity risk assessment to conformity assessment references. Article 31 says this documentation must be drawn up before the product is placed on the EU market. CRACheck generates the complete Annex VII structure from your input data.

The technical documentation under Art. 31 is the backbone of your CRA compliance file. Without it, you cannot declare conformity under Art. 28, apply CE marking under Art. 30, or pass a market surveillance inspection under Art. 52. Annex VII requires: general description, design and development details (including SBOM), cybersecurity risk assessment, applied harmonised standards, test results, conformity assessment documentation, vulnerability handling procedures, and support period information. CRACheck structures all 10 categories into one cohesive document package. €149 per product. 15–25 minutes. Browser-side.

Generate CRA dossier — €149Free: check your product classification

€149 one-time · 8-document ZIP · 15–25 minutes · Browser-side

Regulation (EU) 2024/2847 · Art. 31 + Annex VII · 10 content categories · 8 documents · 100% browser-side

Key figures

10 categories
Annex VII requires 10 distinct content categories in the technical documentation
Art. 31
Documentation must be drawn up before the product is placed on the market and kept updated throughout the support period
10 years
Art. 31(4): technical documentation must be kept at the disposal of market surveillance authorities for 10 years

How CRACheck structures the Annex VII documentation

1
General product description
Enter product name, type, intended purpose, and hardware/software versions. Maps to Annex VII, Section 1.
2
Design and development information
Provide architecture details, development methodology, cybersecurity-by-design measures, SBOM reference. Maps to Section 2.
3
Cybersecurity risk assessment
CRACheck structures the risk assessment against Annex I (Part I + Part II). Maps to Section 3.
4
Applied standards and specifications
Indicate harmonised standards, technical specifications, or other normative references applied. Maps to Section 4.
5
Conformity assessment documentation
CRACheck populates the conformity assessment module reference based on your product classification. Maps to Sections 5–7.
6
Vulnerability handling and support
Document vulnerability handling procedures, support period, and update delivery mechanisms. Maps to Sections 8–10.
7
Download complete file
8 PDFs including the Technical Documentation as the central document.

Common mistakes

ANNEX VII

"We'll use our existing CE technical file."

The CRA's Annex VII is specific to cybersecurity for products with digital elements. Existing CE technical files under RED, LVD, or Machinery Regulation cover different requirements. The CRA technical file is a separate document.

ART. 31(1)

"We can write the documentation after launch and backdate it."

Article 31(1) states: the technical documentation shall be drawn up before the product is placed on the market. Backdating is a misrepresentation — sanctionable under Art. 64(3).

ANNEX VII

"A 5-page summary is sufficient."

Annex VII lists 10 content categories, several with multiple sub-requirements. A summary does not satisfy the structure. Market surveillance authorities expect each category addressed explicitly.

What the ZIP contains

8 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classifier

Classification determining conformity assessment references in the Technical Documentation.

2

Technical Documentation

Primary deliverable. Complete Art. 31 + Annex VII file covering all 10 content categories.

3

Risk Assessment

Cybersecurity risk assessment forming Section 3 of the Technical Documentation.

4

User Information

Annex II document referenced in the Technical Documentation.

5

Declaration of Conformity

Art. 28 + Annex V. Cross-referenced in the Technical Documentation.

6

CVD Policy

Art. 13(6). Referenced in the vulnerability handling section.

7

Notification Template

Art. 14. Referenced in incident response procedures. Art. 14(2): early warning within 24h, notification within 72h, final report within 14 days.

8

Obligations Calendar

Includes documentation update milestones and 10-year retention obligation.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 TECHNICAL DOCUMENTATION CONSULTANCY
€8,000–€25,000 per product
6–16 weeks
Multiple stakeholder interviews
Delivered in the consultant's format
✓ CRACHECK
€149 — Structured Annex VII documentation + 7 documents
15–25 minutes
Your format, your data, your browser
Pack: €99/product (10), €79/product (30)

Two layers

● LAYER 1 — DOCUMENTATION · CRACHECK

Documentation layer

CRACheck generates a complete Technical Documentation package structured per Art. 31 + Annex VII, covering all 10 content categories. Integrated with 7 additional CRA documents.

∅ LAYER 2 — NOT INCLUDED

What CRACheck does not do

CRACheck does not verify the technical accuracy of your product specifications. It does not perform testing. It does not act as a Notified Body. The documentation is as accurate as the data you provide.

The technical documentation is the foundation of everything — CE marking, conformity declaration, market surveillance. CRACheck builds that foundation in 15–25 minutes.

Enforcement regime

🔴
Art. 64(1) — Up to €15,000,000 or 2.5%

For placing a product on the market without technical documentation per Art. 31.

🟠
Art. 64(2) — Up to €10,000,000 or 2%

For incomplete or non-compliant technical documentation.

🟡
Art. 64(3) — Up to €5,000,000 or 1%

For providing incorrect or misleading information in the technical file.

Alternatives

CriterionFrom-scratch templateWord/PDF manual draftConsultancyCRACheck
Annex VII coverageUncertainDepends on expertiseFull, consultant-drivenFull, 10 categories
Cross-referencesManualManualSeparate deliverablesIntegrated (8 docs)
CostStaff timeStaff time€8K–€25K€149
Time2–4 months1–3 months6–16 weeks15–25 min
CRACheckFullIntegrated€14915-25 min

Technical documentation for a product portfolio?

Each product needs its own Art. 31 + Annex VII file. Pack pricing: €99/product (10), €79/product (30).

Request volume pricing
Commercial enquiries via hello@solidwaretools.com

What CRACheck guarantees and what it does not

CRACheck generates a structured document package according to Article 31 and Annex VII of Regulation (EU) 2024/2847 based on the information you enter. The accuracy, completeness, and truthfulness of that information is your responsibility as the manufacturer.

We guarantee that the document structure follows Article 31 and Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case.

CRACheck is not legal advice. For situations specific to your product or market, consult a qualified lawyer or specialised regulatory consultancy.

Frequently asked questions

What are the 10 content categories of Annex VII?
Annex VII requires: (1) general product description, (2) design and development information including SBOM, (3) cybersecurity risk assessment, (4) applied harmonised standards, (5) EU Declaration of Conformity or reference, (6) conformity assessment module documentation, (7) test reports, (8) vulnerability handling procedures, (9) support period and update mechanisms, (10) any other information relevant to demonstrating conformity.
How long must I retain the technical documentation?
Article 31(4) requires that the technical documentation be kept at the disposal of market surveillance authorities for 10 years after the product has been placed on the market.
Can I use CRACheck's output directly with a Notified Body?
CRACheck generates the documentation structure. For Important Class II or Critical products, the Notified Body will review the technical file. CRACheck's output provides the structured foundation for that review.
What language should the technical documentation be in?
Article 31(7) states that the technical documentation shall be drawn up in one of the official languages of the EU. Market surveillance authorities may request a translation. CRACheck generates documentation in English.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83, activating the licence constitutes express consent for immediate generation of digital content, waiving the 14-day withdrawal right. Refunds are only processed for reproducible technical failures.
What if the regulation changes?
If Regulation (EU) 2024/2847 is amended during your licence window, you can regenerate the documentation using the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 31 and Annex VII of Regulation (EU) 2024/2847 is generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment.

Technical documentation. 10 content categories. One structured package. Art. 31 + Annex VII.

CRACheck generates the complete Annex VII documentation from your input data. €149 per product. Browser-side.

€149 one-time
8-document ZIP · 15-25 min · 10 Annex VII categories · 100% browser-side
Generate technical documentation — €149

Related landings

[HOW TO]

how to do cybersecurity risk assessment CRA Annex I
[HOW TO]

how to create SBOM for CRA compliance software product
[HOW TO]

how to get CE marking digital product Cyber Resilience Act
✓ Last regulatory check: 1 May 2026 · No substantive changes detected · View history