PROFESSIONAL PACK Reg. (EU) 2024/2847 Buy pack — €1,199
LIVE Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sources View regulatory intelligence →

Your clients manufacture IoT products. The CRA enters into force in December 2027. Each Annex VII dossier takes you 20 hours to draft. With 70 licenses, it takes 20 minutes.

You are a cybersecurity consultancy serving manufacturers of connected products — sensors, smart home, wearables, building automation, industrial IoT. Regulation (EU) 2024/2847 requires each of them to produce Annex VII technical documentation before placing their product on the EU market. They will ask you to do it. CRACheck Professional Pack: 70 licenses, €1,199 one-time. 8 structured PDF documents per product. Generated in your browser in 20 minutes.

Buy pack — €1,199 See what each dossier includes

€1,199 · One-time · 70 dossiers · 8 PDFs each · Your data never leaves your browser

Built on Regulation (EU) 2024/2847 · Annex VII structure · Annex I Parts I & II mapped · EU Declaration of Conformity (Annex V) · 100% browser-side — GDPR-native

The numbers that matter for your consultancy

You know the regulation. You know your clients need documentation. The question is whether you can deliver it at scale without hiring or outsourcing.

70
Dossiers per pack. One license per product per manufacturer. Independent activation.
20 min
Per dossier — vs 15-20 hours of manual drafting with templates and Word documents.
8 PDFs
Per product. Classification, Annex VII, risk assessment, vulnerability handling, DoC, CE marking, Art. 14 template.

Who uses the professional pack

CRACheck Professional Pack is built for professionals who generate CRA documentation for multiple clients — not for individual manufacturers documenting a single product.

🔐
Cybersecurity consultancies
Serving 20-60 IoT and connected product manufacturers. Pentesting, risk assessment, compliance advisory.
🏷️
CE marking consultants
Already managing RED, LVD, EMC. Adding CRA cybersecurity documentation to the service offering.
🌍
Authorised representatives
Representing 40-90 non-EU manufacturers. Each needs Annex VII documentation under Article 18.
🏛️
Industry associations
Offering CRA compliance as a membership benefit. 50-150 member companies with connected products.

What documenting 70 clients costs — with and without the pack

Without the pack
€70,000+
Manual drafting: 70 clients × 15-20h × €80-150/h of your time
Or outsource to a regulatory consultant:
70 clients × €1,000-2,000 = €70,000-€140,000

Or enterprise SaaS platform:
€8,000-20,000/year + onboarding + integration
✓ CRACheck Professional Pack
€1,199
One payment. 70 dossiers. 20 minutes each.
Total time: 70 × 20 min = ~23 hours
No subscription. No vendor dependency.
No setup. No onboarding. No integration.

What this pack actually changes in your practice

Three inputs. Four answers. No signup required.

One license per product
Current time without the tool
Internal cost — not billing rate
×45
Capacity multiplier
Same person. Same hours. More output.
440h (55 days)
Hours returned to advisory work
Time that goes back to billable engagements
€54,000
Cost of doing it manually
Professional time — documentation alone
First dossier delivered the same day. No setup. No onboarding. No integration project.
Ready on day one
Buy pack — €1,199
€1,199 one-time · No subscription · No vendor dependency · Enterprise SaaS alternative: €15,000–30,000/year + weeks of setup

What each dossier includes: 8 structured documents

Every license generates a complete Annex VII technical documentation package. Each document cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classification Report

Default / Important Class I / Important Class II / Critical. Annex III + Annex IV analysis.

2

Annex VII Technical Documentation

Complete technical file structure. Product description, design, development, cybersecurity risk assessment methodology.

3

Cybersecurity Risk Assessment

Systematic assessment against the 13 essential requirements of Annex I Part I. Article 13.2.

4

Vulnerability Handling Documentation

8 requirements of Annex I Part II. Coordinated vulnerability disclosure policy, SBOM reference. Article 13.6.

5

EU Declaration of Conformity

Per Annex V. Manufacturer identification, product identification, conformity assessment. Article 28.

6

Simplified EU Declaration of Conformity

Per Annex VI. Short-form declaration with URL reference. Article 13.20.

7

CE Marking Guidance Sheet

Printable label with CE marking, support period end date, manufacturer contact. Article 30.

8

Article 14 Notification Template

Pre-structured template for reporting vulnerabilities to CSIRT/ENISA within 24 hours. Article 14.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

How it works — four steps

1
Buy the pack
70 license codes delivered by email via Gumroad. One payment. No subscription.
2
Activate a license
Each license has its own code. Activate when needed. 30-day editing window per license from first activation.
3
Generate the dossier
15-20 minutes. Guided form with references to every article. The client does not need access to the tool.
4
Deliver to the client
8 PDFs in a ZIP file. Structured, article-by-article. Ready for inspection or procurement review.

Three mistakes that cost consultancies time and clients

Pattern 1 — Drafting each dossier from scratch

15-20 hours per client in Word and Excel

Mapping Annex I requirements manually, cross-referencing ENISA guidance, structuring the risk assessment, formatting the Declaration of Conformity. For one client. Then the next one arrives. At 30+ clients, the bottleneck is not expertise — it is production capacity.

Pattern 2 — Using generic templates that miss the CRA structure

A pentest report is not Annex VII documentation

Distributors and importers will request documentation per Annex VII of Regulation (EU) 2024/2847 — not a vulnerability scan, not a SOC2 report, not an ISO 27001 certificate. The CRA has its own structure. Generic cybersecurity templates do not map to it.

Pattern 3 — Not offering CRA documentation because it seems too complex

The competitor will offer it

If a client is told to find another consultant for CRA documentation, they will — and that consultant will also take the RED, EMC, and LVD work. The CRA is not optional for the service portfolio. It is a retention risk.

Documentation and implementation: two layers

● LAYER 1 — What CRACheck does

Annex VII technical documentation

8 structured PDF documents per product. Risk assessment, vulnerability handling, Declaration of Conformity, CE marking, notification template. Generated from input data in 20 minutes. Article-by-article traceability.

∅ LAYER 2 — What CRACheck does not do

Security implementation and testing

Penetration testing, code review, SBOM generation, vulnerability scanning, secure development lifecycle implementation. That is the consultancy's core service. CRACheck documents the outcome.

CRACheck structures and documents. The consultancy assesses and implements. The two layers complement each other.

What your clients face without documentation

These are the consequences under Article 64 of Regulation (EU) 2024/2847. This is the argument to present when a client asks why an Annex VII dossier is necessary.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I)
Up to €15,000,000 or 2.5% of global turnover

Article 64.2 of Regulation (EU) 2024/2847. Whichever is higher.

🇪🇺
Non-compliance with documentation, reporting, CE marking obligations
Up to €10,000,000 or 2% of global turnover

Article 64.3. Covers failure to produce Annex VII technical documentation, CE marking, and vulnerability reporting.

🇪🇺
Product withdrawal or recall by market surveillance
Market access blocked

Article 54. Corrective measures, withdrawal, or recall if documentation is insufficient.

The clients face these consequences. The consultancy offers the documentation that prevents them.

Alternatives for documenting 70 clients

OptionCost for 70 clientsTotal timeOutput quality
Manual drafting (templates)Professional time only1,050-1,400 hoursVariable, no traceability
Outsource to regulatory consultant€70,000-€140,000Depends on consultantHigh, but cost-prohibitive
Enterprise SaaS platform€8,000-€20,000/year2-4 weeks setupHigh, requires integration
CRACheck Professional Pack€1,199 (one-time)~23 hours totalStructured, Annex VII, article-by-article

What CRACheck guarantees and what it does not

CRACheck generates a structured documentation package according to Annex VII of Regulation (EU) 2024/2847 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the consultant entering data on their behalf.

We guarantee that the document structure follows Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — professional pack

How do the 70 licenses work?
Each license is activated with a unique code and is associated with one specific product and manufacturer. One license equals one Annex VII dossier. The 70 licenses are used independently. They do not expire as a block — each one has its own 30-day editing window from its individual first activation.
Can I request a refund?
The pack is a digital product governed by Article 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the first license and expressly confirming PDF generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. Refunds are accepted only for reproducible technical failures (generator error, PDF that does not download, verifiable bug) within 14 calendar days of purchase.
What if the regulation changes?
Unused licenses will generate the dossier using the updated version of the generator at no additional cost. CRACheck is updated within 48 hours of any regulatory change published in the Official Journal of the European Union.
Do I need legal expertise to use the tool?
No. The generator guides step by step with references to each article of Regulation (EU) 2024/2847. The user enters the product data — manufacturer details, product description, connectivity, security features, vulnerability handling process. The tool structures the dossier according to Annex VII. It does not replace legal advice but reduces documentation time from hours to minutes.
Can I generate the dossier using data my client provides, without them accessing the tool?
Yes. The data is entered by the consultant. The client does not need access to the tool. The finished 8-PDF dossier is delivered as part of the consultancy service. This is how most professional pack users operate — collect product specifications from the client, fill the guided form, deliver the structured documentation.
Does the dossier cover both Annex I Part I (security requirements) and Part II (vulnerability handling)?
Yes. CRACheck generates documentation covering all 13 essential cybersecurity requirements of Annex I Part I and all 8 vulnerability handling requirements of Annex I Part II of Regulation (EU) 2024/2847, structured according to the Annex VII technical documentation format. The cybersecurity risk assessment maps each requirement to the product's specific characteristics.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act (EUR-Lex) European Commission — Cyber Resilience Act implementation
⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The documents are generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment, a notified body evaluation, or a formal cybersecurity certification.

Your clients will need CRA documentation before December 2027. The question is whether you deliver it — or someone else does.

70 licenses. 8 PDF documents per product. Annex VII structure. Browser-side. One payment.

€1,199 one-time
70 dossiers · 20 minutes per client · One payment · Regulation (EU) 2024/2847
Buy CRACheck Professional Pack — €1,199

Related

PROFESSIONAL PACK

CRA documentation tool for CE marking consultants
PROFESSIONAL PACK

CRA documentation tool for authorised representative services
INDIVIDUAL LICENSE

CRACheck — single license from €149