PROFESSIONAL PACK Reg. (EU) 2024/2847 Buy pack — €1,199
LIVE Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sources View regulatory intelligence →

You manage 40+ marketplace sellers of connected products. Under the CRA, every seller who brands a product is a manufacturer. Each Annex VII dossier takes 15 hours to draft. With 70 licenses, it takes 20 minutes.

You are a marketplace agency serving sellers of smart home devices, wearables, IP cameras, connected electronics on Amazon, Kaufland, Cdiscount, bol.com. Regulation (EU) 2024/2847 treats any seller who places a product under its own brand as a manufacturer (Article 21) — with full Article 13 obligations: cybersecurity risk assessment, Annex VII technical documentation, vulnerability handling, SBOM, CE marking, and a minimum 5-year support period. CRACheck Professional Pack: 70 licenses, €1,199 one-time. 8 structured PDF documents per product. Generated in your browser in 20 minutes.

Buy pack — €1,199 See what each dossier includes

€1,199 · One-time · 70 dossiers · 8 PDFs each · Your data never leaves your browser

Built on Regulation (EU) 2024/2847 · Annex VII structure · Annex I Parts I & II mapped · Art. 21 seller-as-manufacturer · 100% browser-side — GDPR-native

The numbers that matter for your seller portfolio

Your sellers list white-label connected products under their own brands. Under Article 21 of Regulation (EU) 2024/2847, each of them is a manufacturer. The question is whether they have the documentation to prove it — or whether the next marketplace audit shuts them down.

70
Dossiers per pack. One license per product per seller. Independent activation.
20 min
Per dossier — vs 15 hours of manual drafting for cybersecurity documentation.
8 PDFs
Per product. Classification, Annex VII, risk assessment, vulnerability handling, DoC, CE marking, Art. 14 template.

Who uses the professional pack

CRACheck Professional Pack is built for agencies and service providers who manage marketplace sellers of connected products and need to offer CRA documentation at scale.

📦
Amazon & FBA agencies
Managing seller accounts for electronics, smart home, wearables. Adding CRA documentation as a compliance layer to prevent listing suspensions.
🌏
Cross-border e-commerce consultancies
Serving non-EU sellers entering European marketplaces. Bridging the gap between factory-level compliance and EU market access requirements.
🛒
Marketplace compliance services
Specialised in product listing compliance — safety data sheets, CE marking, EPR. Adding CRA cybersecurity documentation to the service portfolio.
📋
Seller account management firms
Full-service seller management — from listing optimisation to regulatory compliance. CRA documentation completes the compliance offering.

What documenting 50 sellers costs — with and without the pack

Without the pack
€52,500+
Manual drafting: 50 products × 15h × €70/h of compliance staff time
Or outsource to a cybersecurity consultant:
50 products × €1,500-3,000 = €75,000-€150,000

Or enterprise SaaS platform:
€8,000-20,000/year + onboarding + integration
✓ CRACheck Professional Pack
€1,199
One payment. 70 dossiers. 20 minutes each.
Total time: 50 × 20 min = ~17 hours
No subscription. No vendor dependency.
Charge €300-500 per seller — generate €15,000-25,000 of additional revenue.

What this pack actually changes in your agency

Three inputs. Four answers. No signup required.

One license per product per seller
Current time without the tool
Internal cost — not billing rate
×45
Capacity multiplier
Same person. Same hours. More output.
660h
Hours returned to advisory work
Time that goes back to billable engagements
€60,750
Cost of doing it manually
Professional time — documentation alone
First dossier delivered the same day. No setup. No onboarding. No integration project.
Ready on day one
Buy pack — €1,199
€1,199 one-time · No subscription · No vendor dependency · Enterprise SaaS alternative: €15,000–30,000/year + weeks of setup

What each dossier includes: 8 structured documents

Every license generates a complete Annex VII technical documentation package. Each document cites the specific article of Regulation (EU) 2024/2847 it complies with. The seller does not need access to the tool — the agency enters the product data and delivers the finished package.

1

Product Classification Report

Default / Important Class I / Important Class II / Critical. Annex III + Annex IV analysis.

2

Annex VII Technical Documentation

Complete technical file structure. Product description, design, development, cybersecurity risk assessment methodology.

3

Cybersecurity Risk Assessment

Systematic assessment against the 13 essential requirements of Annex I Part I. Article 13.2.

4

Vulnerability Handling Documentation

8 requirements of Annex I Part II. Coordinated vulnerability disclosure policy, SBOM reference. Article 13.6.

5

EU Declaration of Conformity

Per Annex V. Manufacturer identification, product identification, conformity assessment. Article 28.

6

Simplified EU Declaration of Conformity

Per Annex VI. Short-form declaration with URL reference. Article 13.20.

7

CE Marking Guidance Sheet

Printable label with CE marking, support period end date, manufacturer contact. Article 30.

8

Article 14 Notification Template

Pre-structured template for reporting vulnerabilities to CSIRT/ENISA within 24 hours. Article 14.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

How it works — four steps

1
Buy the pack
70 license codes delivered by email via Gumroad. One payment. No subscription.
2
Activate a license
Each license has its own code. Activate when needed. 30-day editing window per license from first activation.
3
Generate the dossier
15-20 minutes. Guided form with references to every article. Enter the seller's product data — connectivity, security features, vulnerability handling. The seller does not need access to the tool.
4
Deliver to the seller
8 PDFs in a ZIP file. Structured, article-by-article. Ready for marketplace compliance review, market surveillance inspection, or procurement. Invoice the seller for the service.

Three mistakes that cost marketplace agencies sellers and revenue

Pattern 1 — Assuming the factory CE certificate covers cybersecurity

A generic CE mark from the supplier does not satisfy the CRA

The CE certificate from a Chinese factory typically covers the Radio Equipment Directive (2014/53/EU), EMC (2014/30/EU), or Low Voltage Directive (2014/35/EU). The Cyber Resilience Act is a separate regulation — Regulation (EU) 2024/2847 — with its own essential cybersecurity requirements (Annex I), its own technical documentation structure (Annex VII), and its own conformity assessment procedures (Article 32). A product can have a valid RED CE mark and zero CRA documentation.

Pattern 2 — Waiting for marketplace enforcement instead of preparing now

When the platform suspends listings, the revenue is already lost

Amazon, Kaufland, and other EU marketplaces are tightening compliance checks. When a listing is suspended for missing documentation, the seller loses daily revenue, organic ranking, advertising investment, and Buy Box position. Reinstatement takes weeks. The agency that has documentation ready prevents the suspension entirely — instead of scrambling to fix it afterwards.

Pattern 3 — Not offering CRA documentation as a managed service

If the agency does not provide it, the seller finds one that does

Marketplace sellers operate on speed and convenience. When CRA documentation becomes mandatory, every seller will need it for every connected product. The agency that offers it as part of the account management retains the client. The agency that says "find a compliance consultant" pushes the seller toward a full-service competitor that handles everything — listings, advertising, and compliance — in one place.

Documentation and implementation: two layers

● LAYER 1 — What CRACheck does

Annex VII technical documentation

8 structured PDF documents per product. Cybersecurity risk assessment, vulnerability handling, Declaration of Conformity, CE marking guidance, notification template. Generated from product data in 20 minutes. Article-by-article traceability to Regulation (EU) 2024/2847.

∅ LAYER 2 — What CRACheck does not do

Product security implementation

Penetration testing, firmware hardening, secure boot, encrypted OTA updates, SBOM generation from source code, vulnerability scanning. These are engineering-level changes to the product itself. CRACheck documents the cybersecurity posture — it does not modify the product.

CRACheck structures and documents. The agency coordinates between the seller and the factory for implementation-level changes. The two layers complement each other.

What your sellers face without documentation

These are the consequences under Article 64 of Regulation (EU) 2024/2847 for sellers who are classified as manufacturers under Article 21. This is the argument to present when a seller asks why CRA documentation is necessary on top of existing CE marking.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I)
Up to €15,000,000 or 2.5% of global turnover

Article 64.2 of Regulation (EU) 2024/2847. Whichever is higher. Applies to any manufacturer — including marketplace sellers under Article 21.

🇪🇺
Non-compliance with documentation, CE marking, reporting obligations
Up to €10,000,000 or 2% of global turnover

Article 64.3. Covers failure to produce Annex VII technical documentation, CE marking, and vulnerability reporting.

🇪🇺
Product withdrawal or recall by market surveillance
Market access blocked

Article 54. Corrective measures, withdrawal, or recall if documentation is insufficient. Marketplace listing suspension is the commercial equivalent.

The sellers face these consequences. The agency offers the documentation that prevents them — and charges for the service.

Alternatives for documenting 50+ seller products

OptionCost for 50 productsTotal timeOutput quality
Manual drafting (Word templates)Professional time only750+ hoursVariable, no CRA-specific structure
Outsource to cybersecurity firm€75,000-€150,000Depends on providerHigh, but cost-prohibitive at scale
Enterprise SaaS platform€8,000-€20,000/year2-4 weeks setupHigh, requires integration
CRACheck Professional Pack€1,199 (one-time)~17 hours totalStructured, Annex VII, article-by-article

What CRACheck guarantees and what it does not

CRACheck generates a structured documentation package according to Annex VII of Regulation (EU) 2024/2847 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the agency entering data on their behalf.

We guarantee that the document structure follows Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a marketplace platform in a compliance review.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — professional pack

How do the 70 licenses work?
Each license is activated with a unique code and is associated with one specific product and manufacturer. One license equals one Annex VII dossier. The 70 licenses are used independently. They do not expire as a block — each one has its own 30-day editing window from its individual first activation.
Can I request a refund?
The pack is a digital product governed by Article 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the first license and expressly confirming PDF generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. Refunds are accepted only for reproducible technical failures (generator error, PDF that does not download, verifiable bug) within 14 calendar days of purchase.
What if the regulation changes?
Unused licenses will generate the dossier using the updated version of the generator at no additional cost. CRACheck is updated within 48 hours of any regulatory change published in the Official Journal of the European Union.
Do I need legal expertise to use the tool?
No. The generator guides step by step with references to each article of Regulation (EU) 2024/2847. The user enters the product data — manufacturer details, product description, connectivity, security features, vulnerability handling process. The tool structures the dossier according to Annex VII. It does not replace legal advice but reduces documentation time from hours to minutes.
My sellers brand white-label products from Chinese factories. Does the CRA really make them manufacturers?
Yes. Article 21 of Regulation (EU) 2024/2847 states that an importer or distributor who places a product with digital elements on the market under its name or trademark shall be considered a manufacturer and is subject to the full obligations of Articles 13 and 14. Article 3(13) defines a manufacturer as any person who markets products with digital elements under its name or trademark. A marketplace seller who buys a white-label smart plug from a factory and lists it under their own brand is, under the CRA, the manufacturer of that product — with all corresponding obligations: cybersecurity risk assessment, Annex VII technical documentation, vulnerability handling, SBOM, CE marking, and a minimum 5-year support period.
Can I generate dossiers for multiple sellers from a single pack?
Yes. Each of the 70 licenses is independent. You activate one license per product per manufacturer (seller). If you manage 40 sellers and each has 1-2 products, you use 40-80 licenses. The seller does not need access to the tool — you enter the product data on their behalf and deliver the finished documentation package. This is how marketplace agencies offer CRA compliance as a managed service.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act (EUR-Lex) European Commission — Cyber Resilience Act implementation
⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The documents are generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment, a notified body evaluation, or a formal cybersecurity certification.

The CRA applies from December 2027. Your sellers brand connected products under their own names. Under Article 21, every one of them is a manufacturer. The question is whether they have the documentation — or whether the next marketplace audit finds out they do not.

70 licenses. 8 PDF documents per product. Annex VII structure. Browser-side. One payment.

€1,199 one-time
70 dossiers · 20 minutes per seller product · One payment · Regulation (EU) 2024/2847
Buy CRACheck Professional Pack — €1,199

Related

PROFESSIONAL PACK

CRA documentation tool for cybersecurity consultancies
PROFESSIONAL PACK

CRA documentation tool for CE marking consultants
INDIVIDUAL LICENSE

CRACheck — single license from €149