Solve CRA Compliance
in Minutes, Not Months
Free CRA classification assessment. Find out if your product falls under the EU Cyber Resilience Act and which category applies. Need compliance docs? Generate them for €99 if you're in the default category.
Non-compliance can cost up to €15 Million or 2.5% of global turnover
The EU Cyber Resilience Act applies to nearly all products with digital elements sold in Europe. Deadlines are approaching fast.
CRA Entered Into Force
Regulation (EU) 2024/2847 officially applies across all EU member states.
Important/Critical Products
Mandatory for Important Class I/II and Critical products. Third-party assessment required for Class II and Critical.
Full Compliance Required
All remaining products must comply. Products without CE marking cannot be sold in the EU market.
Everything you need to start CRA compliance
From classification to documentation — our free tool guides you through the entire process.
Product Classification
Determine if your product is Default, Important (Class I/II), or Critical under CRA — and what that means for your obligations.
Compliance Scoring
Get a 0–100% compliance score based on your current security posture. See exactly where you stand and what needs work.
Document Generator
Generate 4 essential CRA documents instantly: Technical Documentation, Security Policy, Vulnerability Disclosure, and EU Declaration of Conformity.
Action Roadmap
Receive a prioritized list of actions with deadlines to achieve full compliance — tailored to your product's classification.
Privacy-First
Everything runs in your browser. No data leaves your device. No accounts, no tracking, no cloud storage. Your data stays yours.
Instant Results
Complete the 5-step wizard in under 3 minutes and get your classification immediately. No waiting, no callbacks.
How it works
Three simple steps from uncertainty to clarity.
Answer the Wizard
Tell us about your product, its connectivity, data handling, and target market in our guided 5-step assessment.
Get Your Score
Receive your CRA classification, compliance score, gap analysis, and a prioritized action roadmap tailored to your product.
Generate Documents
Download pre-filled compliance document templates ready for your legal team to review and finalize.
Simple Pricing
Free assessment. Pay only when you need compliance documents.
Free Assessment
- ✓Full 5-step product assessment
- ✓CRA scope determination
- ✓Product classification (Default/Important/Critical)
- ✓Personalized next steps
- ✓100% client-side — no data sent to servers
Compliance Documents
- ✓EU Declaration of Conformity (DoC)
- ✓Technical Documentation (Article 31)
- ✓Conformity Assessment Documentation
- ✓User Information & Instructions
- ✓SBOM (Software Bill of Materials)
- ✓Vulnerability Handling & Support Period Documentation
For Important or Critical products: We offer custom solutions. Contact us to discuss your needs.
Frequently Asked Questions
What is the EU Cyber Resilience Act (CRA)?+
The CRA (Regulation EU 2024/2847) is an EU regulation that sets mandatory cybersecurity requirements for all products with digital elements sold in the European single market. This includes hardware, software, IoT devices, and connected systems. It requires manufacturers to implement security-by-design, provide security updates, handle vulnerabilities, and maintain proper documentation.
Does the CRA apply to my product?+
If your product contains or connects to any digital component and is sold (or made available) in the EU, the CRA almost certainly applies. This includes desktop software, mobile apps, IoT devices, network equipment, embedded firmware, and even open-source projects under certain conditions. Our assessment wizard will help you determine the exact classification.
What are the fines for non-compliance?+
Non-compliance with essential cybersecurity requirements can result in fines of up to €15,000,000 or 2.5% of worldwide annual turnover, whichever is higher. Non-compliance with other CRA obligations can result in fines up to €10M or 2%. Even providing incorrect or incomplete information can lead to fines of up to €5M or 1%.
Is this tool legally binding?+
No. CRA-Check is an educational and guidance tool designed to help you understand your CRA obligations and get started with compliance. The generated documents are templates that should be reviewed and finalized by your legal and security teams. Always consult with legal professionals for binding compliance decisions.
Is my data safe?+
Absolutely. CRA-Check runs entirely in your browser. No data is sent to any server, no accounts are created, and nothing is stored in the cloud. Your assessment data exists only in your browser session and is gone when you close the tab. You can verify this — the tool works fully offline.
What product classifications exist under CRA?+
Default: Most products with digital elements fall here — self-assessment is sufficient. Important Class I: Operating systems, routers, VPNs, firewalls, password managers — self-assessment using harmonized standards or third-party assessment. Important Class II: Hypervisors, industrial firewalls, tamper-resistant chips — mandatory third-party assessment. Critical: Smart meter gateways, HSMs, smartcard readers for critical infrastructure — EU cybersecurity certification required.
Get in Touch
Have questions about CRA compliance? Need help with Important or Critical product classification? We're here to help.
Don't wait for the deadline.
Start your CRA compliance today.
Free assessment. No registration. Takes under 5 minutes.
Start Free Assessment →