PROFESSIONAL PACK Reg. (EU) 2024/2847 Buy pack — €1,199
LIVE Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sources View regulatory intelligence →

Your importers' manufacturers have CE certificates — but not for the CRA. Under Article 19, every product needs Annex VII cybersecurity documentation before market placement. Each dossier takes 12–15 hours to produce manually. With 70 licenses, 20 minutes.

You are a trade compliance or import advisory firm serving importers of products with digital elements — consumer electronics, IoT devices, routers, smart home products, industrial sensors. Regulation (EU) 2024/2847 requires importers to verify that the manufacturer has drawn up Annex VII technical documentation before placing any product on the EU market (Article 19.2). Your importers' suppliers — factories across Asia, software companies, hardware manufacturers — almost never have it. CRACheck Professional Pack: 70 licenses, €1,199 one-time. 8 structured PDF documents per product. Generated in your browser in 20 minutes.

Buy pack — €1,199 See what each dossier includes

€1,199 · One-time · 70 dossiers · 8 PDFs each · Your data never leaves your browser

Built on Regulation (EU) 2024/2847 · Annex VII structure · Annex I Parts I & II mapped · EU Declaration of Conformity (Annex V) · 100% browser-side — GDPR-native

The numbers that matter for your import advisory practice

Your importers need CRA documentation from manufacturers who have never heard of Annex VII. Without it, the products cannot legally enter the EU market under Article 19. The question is whether you can produce it at scale — or whether you lose the client to a firm that can.

70
Dossiers per pack. One license per product per manufacturer. Independent activation.
20 min
Per dossier — vs 12-15 hours of manual drafting for each product.
8 PDFs
Per product. Classification, Annex VII, risk assessment, vulnerability handling, DoC, CE marking, Art. 14 template.

Who uses the professional pack

CRACheck Professional Pack is built for trade compliance and import advisory professionals who manage CRA documentation across dozens of importers and their manufacturers simultaneously.

🌐
Trade compliance consultancies
Serving importers across the EU. Verifying manufacturer documentation against CRA requirements. Adding cybersecurity compliance to the trade advisory stack.
📦
Import advisory firms
Advising importers on EU market access. From CE marking under RED/LVD to Annex VII documentation under the CRA. Article 19 compliance as a service.
🏭
Manufacturer liaison services
Bridging non-EU manufacturers and EU importers. Translating CRA requirements into structured documentation the factory can review and approve.
🛃
Regulatory affairs for cross-border trade
Managing multi-regulation compliance portfolios for products entering the EU — EMC, LVD, RED, GPSR, and now CRA.

What documenting 70 products costs — with and without the pack

Without the pack
€56,000+
Manual drafting: 70 products × 12h × €65-100/h of trade compliance staff time
Or ask manufacturers to provide it:
Most non-EU manufacturers have no CRA documentation

Or enterprise SaaS platform:
€8,000-20,000/year + onboarding + integration
✓ CRACheck Professional Pack
€1,199
One payment. 70 dossiers. 20 minutes each.
Total time: 70 × 20 min = ~23 hours
No subscription. No vendor dependency.
Bill the importer or manufacturer for the service.

What this pack actually changes in your practice

Three inputs. Four answers. No signup required.

One license per product
Current time without the tool
Internal cost — not billing rate
×36
Capacity multiplier
Same person. Same hours. More output.
467h
Hours returned to advisory work
Time that goes back to billable engagements
€48,000
Cost of doing it manually
Professional time — documentation alone
First dossier delivered the same day. No setup. No onboarding. No integration project.
Ready on day one
Buy pack — €1,199
€1,199 one-time · No subscription · No vendor dependency · Enterprise SaaS alternative: €15,000–30,000/year + weeks of setup

What each dossier includes: 8 structured documents

Every license generates a complete Annex VII technical documentation package. Each document cites the specific article of Regulation (EU) 2024/2847 it complies with.

1

Product Classification Report

Default / Important Class I / Important Class II / Critical. Annex III + Annex IV analysis.

2

Annex VII Technical Documentation

Complete technical file structure. Product description, design, development, cybersecurity risk assessment methodology.

3

Cybersecurity Risk Assessment

Systematic assessment against the 13 essential requirements of Annex I Part I. Article 13.2.

4

Vulnerability Handling Documentation

8 requirements of Annex I Part II. Coordinated vulnerability disclosure policy, SBOM reference. Article 13.6.

5

EU Declaration of Conformity

Per Annex V. Manufacturer identification, product identification, conformity assessment. Article 28.

6

Simplified EU Declaration of Conformity

Per Annex VI. Short-form declaration with URL reference. Article 13.20.

7

CE Marking Guidance Sheet

Printable label with CE marking, support period end date, manufacturer contact. Article 30.

8

Article 14 Notification Template

Pre-structured template for reporting vulnerabilities to CSIRT/ENISA within 24 hours. Article 14.

See before you buy — Download sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.

How it works — four steps

1
Buy the pack
70 license codes delivered by email via Gumroad. One payment. No subscription.
2
Activate a license
Each license has its own code. Activate when needed. 30-day editing window per license from first activation.
3
Generate the dossier
15-20 minutes. Guided form with references to every article. Enter the product data from the manufacturer. The manufacturer does not need access to the tool.
4
Deliver to the importer
8 PDFs in a ZIP file. The importer keeps them on file for Article 19 obligations. Invoice the importer or manufacturer for the compliance service.

Three mistakes that cost trade compliance firms time and clients

Pattern 1 — Accepting manufacturer CE certificates at face value

CE under RED or LVD is not CE under the CRA

Many non-EU manufacturers provide a CE certificate covering the Radio Equipment Directive or Low Voltage Directive. Under Regulation (EU) 2024/2847, market surveillance can request the full Annex VII cybersecurity documentation package — risk assessment, vulnerability handling, SBOM reference, Declaration of Conformity specific to the CRA. An existing CE certificate from another directive does not cover Article 19.2 requirements.

Pattern 2 — Waiting for the manufacturer to produce CRA documentation

Non-EU manufacturers will not produce it without structured guidance

Most non-EU manufacturers of connected products — consumer electronics, IoT devices, industrial sensors — do not have the regulatory knowledge to produce Annex VII documentation independently. Waiting for them to deliver it means the product sits without documentation, and the importer bears the exposure under Article 19. The trade compliance firm that provides the structure moves the project forward.

Pattern 3 — Not offering CRA documentation as a billable advisory service

Documentation is a high-value deliverable, not an overhead cost

Annex VII documentation is a structured compliance output that the importer needs to place the product legally on the EU market. Producing it is a professional service with measurable value — the importer cannot import without it. Absorbing the cost without billing it erodes margins. The firm that positions CRA documentation as a service line scales revenue alongside regulation.

Documentation and implementation: two layers

● LAYER 1 — What CRACheck does

Annex VII technical documentation

8 structured PDF documents per product. Cybersecurity risk assessment, vulnerability handling, Declaration of Conformity, CE marking guidance, notification template. Generated from the manufacturer's product data in 20 minutes. Article-by-article traceability to Regulation (EU) 2024/2847.

∅ LAYER 2 — What CRACheck does not do

Product security implementation

Firmware hardening, secure boot configuration, vulnerability scanning, penetration testing, SBOM generation from source code. These are implementation responsibilities that belong to the manufacturer. CRACheck documents the cybersecurity posture — it does not create it.

CRACheck structures and documents. The trade compliance professional advises and coordinates between importers and manufacturers. The two layers complement each other.

What your importers' manufacturers face without documentation

These are the consequences under Article 64 of Regulation (EU) 2024/2847. As the trade compliance advisor, this is the argument to present when an importer asks why CRA documentation is necessary before import.

🇪🇺
Non-compliance with essential cybersecurity requirements (Annex I)
Up to €15,000,000 or 2.5% of global turnover

Article 64.2 of Regulation (EU) 2024/2847. Whichever is higher. Applies to manufacturers and, by extension, to importers who place non-compliant products on the market (Article 19.1).

🇪🇺
Importer failure to verify documentation, CE marking, or reporting obligations
Up to €10,000,000 or 2% of global turnover

Article 64.3. Covers non-compliance with Article 19 (importer obligations), including failure to verify that the manufacturer has drawn up technical documentation before placing the product on the market.

🇪🇺
Product withdrawal or recall by market surveillance
Market access blocked

Article 54. Market surveillance authorities can require withdrawal, recall, or prohibition of making the product available if documentation is insufficient.

The importer faces these consequences. The trade compliance firm offers the documentation that prevents them — and bills it as a professional service.

Alternatives for documenting 70 products

OptionCost for 70 productsTotal timeOutput quality
Ask manufacturers to self-produceNo direct costMonths of follow-upInconsistent, often incomplete
Outsource to cybersecurity consultant€105,000–€210,000Depends on providerHigh, but cost-prohibitive at scale
Enterprise SaaS platform€8,000–€20,000/year2-4 weeks setupHigh, requires integration
CRACheck Professional Pack€1,199 (one-time)~23 hours totalStructured, Annex VII, article-by-article

What CRACheck guarantees and what it does not

CRACheck generates a structured documentation package according to Annex VII of Regulation (EU) 2024/2847 from the information that the user enters. The truthfulness, accuracy and completeness of that information is the responsibility of the manufacturer — or of the professional entering data on their behalf.

We guarantee that the document structure follows Annex VII of Regulation (EU) 2024/2847 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

CRACheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — professional pack

How do the 70 licenses work?
Each license is activated with a unique code and is associated with one specific product and manufacturer. One license equals one Annex VII dossier. The 70 licenses are used independently. They do not expire as a block — each one has its own 30-day editing window from its individual first activation.
Can I request a refund?
The pack is a digital product governed by Article 16(m) of Directive (EU) 2011/83 on consumer rights. By activating the first license and expressly confirming PDF generation, the buyer consents to the downloadable digital content nature of the product and waives the right of withdrawal. Refunds are accepted only for reproducible technical failures (generator error, PDF that does not download, verifiable bug) within 14 calendar days of purchase.
What if the regulation changes?
Unused licenses will generate the dossier using the updated version of the generator at no additional cost. CRACheck is updated within 48 hours of any regulatory change published in the Official Journal of the European Union.
Do I need legal expertise to use the tool?
No. The generator guides step by step with references to each article of Regulation (EU) 2024/2847. The user enters the product data — manufacturer details, product description, connectivity, cybersecurity features, vulnerability handling processes. The tool structures the dossier according to Annex VII. It does not replace legal advice but reduces documentation time from hours to minutes.
My clients import products from manufacturers who already have CE marking under other EU directives. Does that cover CRA requirements?
No. CE marking under Directive 2014/53/EU (Radio Equipment Directive), Directive 2014/35/EU (Low Voltage), or Directive 2014/30/EU (EMC) covers different requirements than Regulation (EU) 2024/2847. The CRA introduces cybersecurity-specific obligations: Annex I essential cybersecurity requirements, Annex VII technical documentation including cybersecurity risk assessment, vulnerability handling policy, SBOM reference, and coordinated vulnerability disclosure. An existing CE marking certifies compliance with the directives it references — not with the CRA. Under Article 19.2 of Regulation (EU) 2024/2847, the importer must verify that the manufacturer has drawn up the CRA-specific technical documentation before placing the product on the EU market.
Can I generate the documentation using product data from the importer, without the manufacturer accessing the tool?
Yes. CRACheck is designed for professionals who document products on behalf of manufacturers or importers. You enter the product data — manufacturer details, product description, connectivity, cybersecurity features, vulnerability handling processes. The manufacturer does not need an account or access to the tool. The guided form references every relevant article of Regulation (EU) 2024/2847, so you can collect the necessary information through your normal communication channels with the manufacturer and enter it in one session.

Official legal sources

Regulation (EU) 2024/2847 — Cyber Resilience Act (EUR-Lex) European Commission — Cyber Resilience Act implementation
⚠️ Important notice: CRACheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The documents are generated from your input data. You are responsible for the accuracy of the data you provide. CRACheck does not replace a qualified professional assessment, a notified body evaluation, or a formal cybersecurity certification.

Your importers' products must have CRA documentation before December 2027. If you do not provide it as a service, your competitor will.

70 licenses. 8 PDF documents per product. Annex VII structure. Browser-side. One payment.

€1,199 one-time
70 dossiers · 20 minutes per product · One payment · Regulation (EU) 2024/2847
Buy CRACheck Professional Pack — €1,199

Related

PROFESSIONAL PACK

CRA documentation tool for authorised representative services
PROFESSIONAL PACK

CRA documentation tool for cybersecurity consultancies
INDIVIDUAL LICENSE

CRACheck — single license from €149