You are an authorised representative service for non-EU manufacturers of products with digital elements — IoT hardware, software platforms, connected components. Regulation (EU) 2024/2847 requires Annex VII technical documentation for every product placed on the EU market. Under Article 18.3(b), you must provide that documentation to any market surveillance authority that requests it. Most of your manufacturers have none. CRACheck Professional Pack: 70 licenses, €1,199 one-time. 8 structured PDF documents per product. Generated in your browser in 20 minutes.
€1,199 · One-time · 70 dossiers · 8 PDFs each · Your data never leaves your browser
You know your manufacturers need documentation. You know that without it, you cannot fulfil your obligations under Article 18. The question is whether you can produce it at scale — or whether you have to tell each manufacturer to handle it themselves.
CRACheck Professional Pack is built for authorised representatives and compliance services that manage CRA documentation across dozens of non-EU manufacturers simultaneously.
Three inputs. Four answers. No signup required.
Every license generates a complete Annex VII technical documentation package. Each document cites the specific article of Regulation (EU) 2024/2847 it complies with.
Default / Important Class I / Important Class II / Critical. Annex III + Annex IV analysis.
Complete technical file structure. Product description, design, development, cybersecurity risk assessment methodology.
Systematic assessment against the 13 essential requirements of Annex I Part I. Article 13.2.
8 requirements of Annex I Part II. Coordinated vulnerability disclosure policy, SBOM reference. Article 13.6.
Per Annex V. Manufacturer identification, product identification, conformity assessment. Article 28.
Per Annex VI. Short-form declaration with URL reference. Article 13.20.
Printable label with CE marking, support period end date, manufacturer contact. Article 30.
Pre-structured template for reporting vulnerabilities to CSIRT/ENISA within 24 hours. Article 14.
See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Many non-EU manufacturers provide a one-page CE certificate with no supporting technical file. Under the CRA, market surveillance authorities can request the full Annex VII technical documentation package — risk assessment, vulnerability handling policy, SBOM reference, Declaration of Conformity. A generic certificate from the factory does not satisfy Article 18.3(b).
Non-EU manufacturers — especially hardware factories and software companies without EU compliance experience — do not have the regulatory knowledge to produce Annex VII documentation on their own. Waiting for them to deliver it means the product sits on the market without documentation, and the authorised representative bears the exposure under Article 18.
Annex VII documentation is a structured compliance output that the manufacturer needs to place the product on the EU market. Producing it is a professional service with measurable value. Absorbing the cost without billing it to the manufacturer erodes margins and makes the representation service unsustainable at scale.
8 structured PDF documents per product. Cybersecurity risk assessment, vulnerability handling, Declaration of Conformity, CE marking guidance, notification template. Generated from the manufacturer's product data in 20 minutes. Article-by-article traceability to Regulation (EU) 2024/2847.
Firmware hardening, secure boot configuration, vulnerability scanning, penetration testing, SBOM generation from source code. These are implementation responsibilities that belong to the manufacturer. CRACheck documents the cybersecurity posture — it does not create it.
CRACheck structures and documents. The authorised representative coordinates between the manufacturer and the EU market. The two layers complement each other.
These are the consequences under Article 64 of Regulation (EU) 2024/2847. As the authorised representative, this is the argument to present when a manufacturer asks why Annex VII documentation is necessary.
Article 64.2 of Regulation (EU) 2024/2847. Whichever is higher.
Article 64.3. Covers failure to produce Annex VII technical documentation, CE marking, and vulnerability reporting.
Article 54. Corrective measures, withdrawal, or recall if documentation is insufficient.
The manufacturers face these consequences. The authorised representative offers the documentation that prevents them — and bills it as a professional service.
| Option | Cost for 70 manufacturers | Total time | Output quality |
|---|---|---|---|
| Ask manufacturers to self-produce | No direct cost | Months of follow-up | Inconsistent, often incomplete |
| Outsource to cybersecurity consultant | €105,000-€210,000 | Depends on provider | High, but cost-prohibitive at scale |
| Enterprise SaaS platform | €8,000-€20,000/year | 2-4 weeks setup | High, requires integration |
| CRACheck Professional Pack | €1,199 (one-time) | ~23 hours total | Structured, Annex VII, article-by-article |
CRACheck generates a structured documentation package according to Annex VII of Regulation (EU) 2024/2847 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the authorised representative entering data on their behalf.
We guarantee that the document structure follows Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
70 licenses. 8 PDF documents per product. Annex VII structure. Browser-side. One payment.