PROFESSIONAL PACKReg. (EU) 2024/2847Buy pack — €1,199
LIVEEnforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your clients will need CRA documentation. Manually, each dossier takes 15-20 hours. With 70 licenses, you deliver each one in 20 minutes — and bill for the expertise, not the production time.

Regulation (EU) 2024/2847 — the Cyber Resilience Act — requires Annex VII technical documentation for every product with digital elements placed on the EU market. Manufacturers need it. Most cannot produce it internally. The professional who offers structured CRA documentation as a service captures a new, recurring revenue stream with every client. CRACheck Professional Pack: 70 licenses, €1,199 one-time. 8 structured PDF documents per product. Generated in your browser in 20 minutes.

Buy pack — €1,199See what each dossier includes

€1,199 · One-time · 70 dossiers · 8 PDFs each · Your data never leaves your browser

Built on Regulation (EU) 2024/2847 · Annex VII structure · Annex I Parts I & II mapped · EU Declaration of Conformity (Annex V) · 100% browser-side — GDPR-native

The numbers that define a CRA documentation service

Every manufacturer of connected products — from smart home to industrial IoT, from consumer electronics to SaaS platforms — will need Annex VII technical documentation. The professional who can deliver it at scale has a structural advantage over those who draft each dossier from scratch.

70
Dossiers per pack. One license per product per manufacturer. Independent activation.
20 min
Per dossier — vs 15-20 hours of manual drafting for cybersecurity documentation.
8 PDFs
Per product. Classification, Annex VII, risk assessment, vulnerability handling, DoC, CE marking, Art. 14 template.

Who uses the professional pack

CRACheck Professional Pack is built for any professional who delivers — or intends to deliver — CRA compliance documentation to multiple clients.

🔒
Cybersecurity consultancies
Adding structured CRA documentation to penetration testing, risk assessment, and security advisory services.
🏷️
CE marking & compliance firms
Extending RED, EMC, LVD service portfolios with CRA cybersecurity documentation as a new compliance layer.
📦
Marketplace & e-commerce agencies
Offering CRA documentation to sellers of connected products who become manufacturers under Article 21.
⚖️
Regulatory & legal advisors
Complementing legal counsel with structured documentation output. From advisory to deliverable in the same engagement.

What documenting 40 clients costs — with and without the pack

Without the pack
€72,000+
Manual drafting: 40 products × 18h × €100/h of senior professional time
Or outsource to another firm:
40 products × €1,500-3,000 = €60,000-€120,000

Or enterprise SaaS platform:
€8,000-20,000/year + onboarding + integration
✓ CRACheck Professional Pack
€1,199
One payment. 70 dossiers. 20 minutes each.
Total time: 40 × 20 min = ~13 hours
No subscription. No vendor dependency.
Bill each client €500-2,000 per dossier — the margin is in the expertise.

What this pack actually changes in your practice

Three inputs. Four answers. No signup required.

One license per product
Current time without the tool
Internal cost — not billing rate
×54
Capacity multiplier
Same person. Same hours. More output.
618h
Hours returned to advisory work
Time that goes back to billable engagements
€69,300
Cost of doing it manually
Professional time — documentation alone
First dossier delivered the same day. No setup. No onboarding. No integration project.
Ready on day one
Buy pack — €1,199
€1,199 one-time · No subscription · No vendor dependency · Enterprise SaaS alternative: €15,000–30,000/year + weeks of setup

What each dossier includes: 8 structured documents

Every license generates a complete Annex VII technical documentation package. Each document cites the specific article of Regulation (EU) 2024/2847 it complies with. The client does not need access to the tool — the professional enters the data and delivers the finished package.

1

Product Classification Report

Default / Important Class I / Important Class II / Critical. Annex III + Annex IV analysis.

2

Annex VII Technical Documentation

Complete technical file structure. Product description, design, development, cybersecurity risk assessment methodology.

3

Cybersecurity Risk Assessment

Systematic assessment against the 13 essential requirements of Annex I Part I. Article 13.2.

4

Vulnerability Handling Documentation

8 requirements of Annex I Part II. Coordinated vulnerability disclosure policy, SBOM reference. Article 13.6.

5

EU Declaration of Conformity

Per Annex V. Manufacturer identification, product identification, conformity assessment. Article 28.

6

Simplified EU Declaration of Conformity

Per Annex VI. Short-form declaration with URL reference. Article 13.20.

7

CE Marking Guidance Sheet

Printable label with CE marking, support period end date, manufacturer contact. Article 30.

8

Article 14 Notification Template

Pre-structured template for reporting vulnerabilities to CSIRT/ENISA within 24 hours. Article 14.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

How it works — four steps

1
Buy the pack
70 license codes delivered by email via Gumroad. One payment. No subscription.
2
Activate a license
Each license has its own code. Activate when needed. 30-day editing window per license from first activation.
3
Generate the dossier
15-20 minutes. Guided form with references to every article. Gather the client's product data, enter it, generate the package. The client never needs access to the tool.
4
Deliver to the client
8 PDFs in a ZIP file. Structured, article-by-article. Ready for market surveillance inspection, notified body review, or procurement. Invoice the client for the service.

Three mistakes that cost professionals time and market position

Pattern 1 — Drafting each dossier from scratch

Manual documentation does not scale

A single Annex VII dossier covers the 13 essential cybersecurity requirements of Annex I Part I, the 8 vulnerability handling requirements of Annex I Part II, the risk assessment per Article 13.2, the Declaration of Conformity per Annex V, and the CE marking per Article 30. Researching the regulation, structuring the document, and mapping each section to the correct article takes 15-20 hours per product. At that rate, serving 30-40 clients consumes the entire capacity of a senior professional for months.

Pattern 2 — Using generic templates that do not map the CRA structure

A compliance template is not Annex VII documentation

Generic cybersecurity assessment templates, ISO 27001 checklists, and NIST frameworks do not map to the specific structure of Regulation (EU) 2024/2847. The CRA has its own essential requirements (Annex I), its own documentation requirements (Annex VII), its own conformity assessment procedures (Article 32), and its own vulnerability handling obligations (Annex I Part II). A dossier built on a generic template will miss CRA-specific elements that market surveillance authorities expect to see.

Pattern 3 — Not offering CRA documentation as a service line

The professional who waits loses the client to the one who acts

CRA compliance documentation is a new service category. Every manufacturer of connected products will need it before December 2027. The professional who offers it now — while the market is still forming — establishes the client relationship, builds expertise, and captures revenue that competitors will pursue later. Waiting until enforcement is not a strategy — it is a concession to the competition.

Documentation and implementation: two layers

● LAYER 1 — What CRACheck does

Annex VII technical documentation

8 structured PDF documents per product. Cybersecurity risk assessment, vulnerability handling, Declaration of Conformity, CE marking guidance, notification template. Generated from input data in 20 minutes. Article-by-article traceability to Regulation (EU) 2024/2847.

∅ LAYER 2 — What CRACheck does not do

Security testing and product implementation

Penetration testing, firmware analysis, secure boot implementation, SBOM generation from source code, vulnerability scanning, security architecture review. These are implementation-level services. CRACheck documents the cybersecurity posture — it does not create it.

CRACheck structures and documents. The professional advises, coordinates, and implements. The two layers complement each other — and together they form a complete CRA compliance service.

What your clients face without documentation

These are the consequences under Article 64 of Regulation (EU) 2024/2847. This is the conversation to have when a client asks whether CRA documentation is really necessary.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I)
Up to €15,000,000 or 2.5% of global turnover

Article 64.2 of Regulation (EU) 2024/2847. Whichever is higher.

🇪🇺
Non-compliance with documentation, CE marking, reporting obligations
Up to €10,000,000 or 2% of global turnover

Article 64.3. Covers failure to produce Annex VII technical documentation, CE marking, and vulnerability reporting.

🇪🇺
Product withdrawal or recall by market surveillance
Market access blocked

Article 54. Corrective measures, withdrawal, or recall if documentation is insufficient.

The clients face these consequences. The professional who delivers documentation prevents them — and builds a service business on the obligation.

Alternatives for documenting 40+ client products

OptionCost for 40 productsTotal timeOutput quality
Manual drafting (Word templates)Professional time only720+ hoursVariable, no CRA-specific structure
Outsource to another firm€60,000-€120,000Depends on providerHigh, but eliminates your margin
Enterprise SaaS platform€8,000-€20,000/year2-4 weeks setupHigh, requires integration
CRACheck Professional Pack€1,199 (one-time)~13 hours totalStructured, Annex VII, article-by-article

What CRACheck guarantees and what it does not

CRACheck generates a structured documentation package according to Annex VII of Regulation (EU) 2024/2847 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the professional entering data on their behalf.

We guarantee that the document structure follows Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority or by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — professional pack

How do the 70 licenses work?
Each license is activated with a unique code and is associated with one specific product and manufacturer. One license equals one Annex VII dossier. The 70 licenses are used independently. They do not expire as a block — each one has its own 30-day editing window from its individual first activation.
Can I request a refund?
The pack is a digital product governed by Article 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the first license and expressly confirming PDF generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. Refunds are accepted only for reproducible technical failures (generator error, PDF that does not download, verifiable bug) within 14 calendar days of purchase.
What if the regulation changes?
Unused licenses will generate the dossier using the updated version of the generator at no additional cost. CRACheck is updated within 48 hours of any regulatory change published in the Official Journal of the European Union.
Do I need legal expertise to use the tool?
No. The generator guides step by step with references to each article of Regulation (EU) 2024/2847. The user enters the product data — manufacturer details, product description, connectivity, security features, vulnerability handling process. The tool structures the dossier according to Annex VII. It does not replace legal advice but reduces documentation time from hours to minutes.
Can I generate the dossier using data my client provides, without them accessing the tool?
Yes. The workflow is designed for this. The client provides product data — connectivity, security features, vulnerability handling process, manufacturer details. You enter the data into CRACheck and generate the 8-document package. The client never needs to see or access the tool. You deliver the finished PDF package and invoice for the service. This is how most professionals use the pack: as an internal production tool behind a client-facing service.
How do I price CRA documentation as a service to my clients?
That depends on your market, your positioning, and the value you add beyond the documentation itself. The pack covers 70 dossiers in a single payment, enabling significant margin on each client engagement. Most professionals charge between €300 and €2,000 per dossier depending on the complexity of the product, the level of advisory included, and whether they also coordinate implementation. The documentation itself takes 20 minutes to generate. The margin is in the expertise you bring to the data entry, the risk assessment, and the client relationship.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act (EUR-Lex) European Commission — Cyber Resilience Act implementation
⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The documents are generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment, a notified body evaluation, or a formal cybersecurity certification.

Every manufacturer of connected products will need CRA documentation before December 2027. The professional who delivers it captures the client. The one who waits loses the opportunity to someone who did not.

70 licenses. 8 PDF documents per product. Annex VII structure. Browser-side. One payment.

€1,199 one-time
70 dossiers · 20 minutes per client · One payment · Regulation (EU) 2024/2847
Buy CRACheck Professional Pack — €1,199

Related

PROFESSIONAL PACK

CRA documentation tool for cybersecurity consultancies
PROFESSIONAL PACK

CRA documentation tool for marketplace agencies
INDIVIDUAL LICENSE

CRACheck — single license from €149