Solve CRA Compliance
in Minutes, Not Months
Free self-assessment tool for the EU Cyber Resilience Act. Check if your product needs compliance, get your risk score, and generate required documentation β instantly.
Non-compliance can cost up to β¬15 Million or 2.5% of global turnover
The EU Cyber Resilience Act applies to nearly all products with digital elements sold in Europe. Deadlines are approaching fast.
CRA Entered Into Force
Regulation (EU) 2024/2847 officially applies across all EU member states.
Reporting Obligations Begin
Manufacturers must report actively exploited vulnerabilities to ENISA within 24 hours.
Full Compliance Required
All essential cybersecurity requirements must be met. Products without CE marking pulled from market.
Everything you need to start CRA compliance
From classification to documentation β our free tool guides you through the entire process.
Product Classification
Determine if your product is Default, Important (Class I/II), or Critical under CRA β and what that means for your obligations.
Compliance Scoring
Get a 0β100% compliance score based on your current security posture. See exactly where you stand and what needs work.
Document Generator
Generate 4 essential CRA documents instantly: Technical Documentation, Security Policy, Vulnerability Disclosure, and EU Declaration of Conformity.
Action Roadmap
Receive a prioritized list of actions with deadlines to achieve full compliance β tailored to your product's classification.
Privacy-First
Everything runs in your browser. No data leaves your device. No accounts, no tracking, no cloud storage. Your data stays yours.
Instant Results
Complete the 7-step wizard in under 5 minutes and get your classification, score, and documents immediately. No waiting, no callbacks.
How it works
Three simple steps from uncertainty to clarity.
Answer the Wizard
Tell us about your product, its connectivity, data handling, and current security measures in our guided 7-step assessment.
Get Your Score
Receive your CRA classification, compliance score, gap analysis, and a prioritized action roadmap tailored to your product.
Generate Documents
Download pre-filled compliance document templates ready for your legal team to review and finalize.
"Finally a clear, no-nonsense tool that helped us understand where we stand with CRA. The document generator saved us weeks of work."
"We used CRA-Check to quickly classify 12 products. The prioritized action roadmap made it easy to present a compliance plan to our board."
"Great starting point for CRA compliance. The fact that it's completely client-side was a must-have for us. Looking forward to PDF export!"
Simple, transparent pricing
Start for free. Upgrade when you need more.
Free
- βFull 7-step assessment
- βProduct classification
- βCompliance score
- β4 document templates (Markdown)
- βAction roadmap
- β100% client-side
- βPDF export
- βSave progress
- βMulti-language
Pro
- βEverything in Free
- βPDF document export
- βSave & compare assessments
- βMulti-language (DE, FR, EN)
- βEmail results & share
- βSBOM generator
- βPriority support
- βAPI access
- βCI/CD integration
Enterprise
- βEverything in Pro
- βAPI access
- βCI/CD pipeline integration
- βGitHub/GitLab repo scanning
- βWhite-label option
- βMultiple product portfolios
- βDedicated account manager
- βCustom integrations
- βSLA & premium support
Frequently Asked Questions
What is the EU Cyber Resilience Act (CRA)?+
The CRA (Regulation EU 2024/2847) is an EU regulation that sets mandatory cybersecurity requirements for all products with digital elements sold in the European single market. This includes hardware, software, IoT devices, and connected systems. It requires manufacturers to implement security-by-design, provide security updates, handle vulnerabilities, and maintain proper documentation.
Does the CRA apply to my product?+
If your product contains or connects to any digital component and is sold (or made available) in the EU, the CRA almost certainly applies. This includes desktop software, mobile apps, IoT devices, network equipment, embedded firmware, and even open-source projects under certain conditions. Our assessment wizard will help you determine the exact classification.
What are the fines for non-compliance?+
Non-compliance with essential cybersecurity requirements can result in fines of up to β¬15,000,000 or 2.5% of worldwide annual turnover, whichever is higher. Non-compliance with other CRA obligations can result in fines up to β¬10M or 2%. Even providing incorrect or incomplete information can lead to fines of up to β¬5M or 1%.
Is this tool legally binding?+
No. CRA-Check is an educational and guidance tool designed to help you understand your CRA obligations and get started with compliance. The generated documents are templates that should be reviewed and finalized by your legal and security teams. Always consult with legal professionals for binding compliance decisions.
Is my data safe?+
Absolutely. CRA-Check runs entirely in your browser. No data is sent to any server, no accounts are created, and nothing is stored in the cloud. Your assessment data exists only in your browser session and is gone when you close the tab. You can verify this β the tool works fully offline.
What product classifications exist under CRA?+
Default: Most products with digital elements fall here β self-assessment is sufficient. Important Class I: Operating systems, routers, VPNs, firewalls, password managers β self-assessment using harmonized standards or third-party assessment. Important Class II: Hypervisors, industrial firewalls, tamper-resistant chips β mandatory third-party assessment. Critical: Smart meter gateways, HSMs, smartcard readers for critical infrastructure β EU cybersecurity certification required.
Don't wait for the deadline.
Start your CRA compliance today.
Free assessment. No registration. Takes under 5 minutes.
Start Free Assessment β