CRA Declaration of Conformity: Template and Step-by-Step Writing Guide

Every product with digital elements needs an EU Declaration of Conformity before it can legally carry the CE marking. The DoC is your formal statement that the product meets CRA requirements, and you're legally responsible for its accuracy.

This guide provides a complete template and explains each required element.

What Is the EU Declaration of Conformity?

The EU Declaration of Conformity is a formal document where the manufacturer declares that a product complies with applicable EU legislation. For CRA products, it states:

• The product meets CRA essential requirements (Annex I)
• Conformity assessment has been completed
• The manufacturer takes legal responsibility

The DoC is not optional. Without it, your product cannot bear the CE marking and cannot be legally placed on the EU market.

CRA DoC Requirements

Legal Basis

CRA Article 28 specifies DoC requirements, referencing the structure in Annex VI.

Required Elements

The CRA DoC must contain:

EU DECLARATION OF CONFORMITY - REQUIRED ELEMENTS

1. DOCUMENT IDENTIFICATION
   - Declaration number (unique identifier)
   - Date of issue

2. MANUFACTURER IDENTIFICATION
   - Name and address
   - Contact information

3. PRODUCT IDENTIFICATION
   - Product name, type, model
   - Batch, serial number, or other identification
   - Sufficient detail for traceability

4. CONFORMITY STATEMENT
   - Statement that DoC is issued under sole responsibility
     of the manufacturer
   - Statement that product conforms to CRA

5. LEGISLATION REFERENCE
   - "Regulation (EU) 2024/2847" (Cyber Resilience Act)
   - Other applicable EU legislation (if any)

6. STANDARDS APPLIED
   - Harmonized standards used (with references)
   - Other technical specifications applied

7. NOTIFIED BODY (if applicable)
   - Name and number of Notified Body
   - Module applied (B, C, H)
   - Certificate reference

8. ADDITIONAL INFORMATION
   - Support period end date
   - Contact point for cybersecurity issues

9. SIGNATURE
   - Signed for and on behalf of manufacturer
   - Name and function of signatory
   - Place and date
   - Signature

Complete DoC Template

Use this template as a starting point. Customize the bracketed sections for your product.

═══════════════════════════════════════════════════════════════
                 EU DECLARATION OF CONFORMITY
                    (Cyber Resilience Act)
═══════════════════════════════════════════════════════════════

Declaration No.: [DoC-PRODUCT-YYYY-NNN]
Date of Issue: [DD Month YYYY]

───────────────────────────────────────────────────────────────
1. MANUFACTURER
───────────────────────────────────────────────────────────────

Name:           [Company Legal Name]
Address:        [Street Address]
                [Postal Code, City]
                [Country]
Contact:        [Email / Phone]
Website:        [URL]

───────────────────────────────────────────────────────────────
2. PRODUCT IDENTIFICATION
───────────────────────────────────────────────────────────────

Product Name:   [Product Name]
Model/Type:     [Model Number / Type Designation]
Hardware Ver:   [Hardware Version, if applicable]
Software Ver:   [Software/Firmware Version]
Batch/Serial:   [Batch number range or serial number format]

Product Description:
[Brief description of the product and its intended purpose,
sufficient to identify the product unambiguously]

───────────────────────────────────────────────────────────────
3. DECLARATION
───────────────────────────────────────────────────────────────

This declaration of conformity is issued under the sole
responsibility of the manufacturer.

The object of the declaration described above is in conformity
with the relevant Union harmonisation legislation:

    • Regulation (EU) 2024/2847 of the European Parliament
      and of the Council of 23 October 2024 on horizontal
      cybersecurity requirements for products with digital
      elements (Cyber Resilience Act)

    [• Additional applicable legislation, e.g.:
    • Directive 2014/53/EU (Radio Equipment Directive)
    • Regulation (EU) 2023/1230 (Machinery Regulation)
    • etc.]

───────────────────────────────────────────────────────────────
4. CONFORMITY ASSESSMENT
───────────────────────────────────────────────────────────────

Conformity assessment procedure applied:

    [Choose one:]

    ☐ Module A (Internal Production Control)
      Based on Annex VIII of Regulation (EU) 2024/2847

    ☐ Module B + C (EU-Type Examination + Conformity to Type)
      Based on Annex VIII of Regulation (EU) 2024/2847
      Notified Body: [Name], No. [XXXX]
      EU-Type Examination Certificate: [Certificate Number]
      Date: [Certificate Date]

    ☐ Module H (Full Quality Assurance)
      Based on Annex VIII of Regulation (EU) 2024/2847
      Notified Body: [Name], No. [XXXX]
      QA System Certificate: [Certificate Number]
      Date: [Certificate Date]

───────────────────────────────────────────────────────────────
5. STANDARDS AND SPECIFICATIONS APPLIED
───────────────────────────────────────────────────────────────

Harmonised standards applied:
[List all harmonised standards used, with full references]

    • EN [XXXXX]:20XX - [Standard Title]
    • EN [XXXXX]:20XX - [Standard Title]

Other technical specifications applied:
[List any other standards or specifications used]

    • ISO/IEC [XXXXX]:20XX - [Standard Title]
    • [Other specifications]

───────────────────────────────────────────────────────────────
6. ADDITIONAL INFORMATION (CRA-Specific)
───────────────────────────────────────────────────────────────

Support Period:
Security updates will be provided until: [DD Month YYYY]
(Minimum 5 years from date of market placement)

First EU Market Placement: [DD Month YYYY]

Cybersecurity Contact:
For vulnerability reports and security inquiries:
    Email: [security@company.com]
    Web:   [https://company.com/security]
    security.txt: [https://company.com/.well-known/security.txt]

Technical Documentation:
Technical documentation is available upon request to
competent authorities at the address above.

───────────────────────────────────────────────────────────────
7. SIGNATURE
───────────────────────────────────────────────────────────────

Signed for and on behalf of:

[Company Legal Name]


_________________________________
[Full Name]
[Title/Function]

Place: [City, Country]
Date:  [DD Month YYYY]

═══════════════════════════════════════════════════════════════
                         END OF DECLARATION
═══════════════════════════════════════════════════════════════

Section-by-Section Guidance

1. Document Identification

Declaration Number: Create a unique identifier for tracking. Recommended format:

• DoC-[ProductCode]-[Year]-[Sequence]
• Example: DoC-SSP3000-2027-001

Date of Issue: The date you sign the declaration. Must be after conformity assessment completion.

2. Manufacturer Identification

Who signs the DoC:

• The manufacturer (entity that designed/produced the product or markets under their name)
• OR an authorized representative established in the EU (with written mandate)

If using authorized representative: Add: "Authorized Representative: [Name, Address], acting on behalf of [Manufacturer Name, Address]"

3. Product Identification

Be specific enough for traceability:

• Include model numbers, not just product names
• Specify version numbers for hardware and software
• Indicate batch/serial number scope

Example:

Product Name:   SmartSense Pro Industrial Sensor
Model/Type:     SSP-3000
Hardware Ver:   Rev C (PCB v3.2)
Software Ver:   Firmware 2.4.1
Batch/Serial:   Serial numbers SSP3K-2027-XXXXXX

4. Conformity Assessment

Module A (Self-Assessment):

• Available for Default products
• Available for Important Class I (if using harmonized standards)
• No Notified Body involvement

Module B+C (EU-Type Examination):

• Required for Important Class II (unless Module H)
• Required for Important Class I without harmonized standards
• Notified Body examines type specimen
• Include certificate details

Module H (Full Quality Assurance):

• Alternative to B+C
• Notified Body approves quality system
• Include certificate details

5. Standards Applied

Harmonized Standards:

• Standards published in Official Journal of the EU
• Provide presumption of conformity
• Include full reference (number, year, title)

Format:

• EN 303 645:2020 - Cyber Security for Consumer Internet
  of Things: Baseline Requirements

If no harmonized standards exist: State: "No harmonised standards applied. Conformity demonstrated through [describe approach]."

6. CRA-Specific Additional Information

While not strictly required by the DoC format, including CRA-specific information improves transparency:

Support Period:

• State when security updates end
• Must be minimum 5 years from market placement

Cybersecurity Contact:

• Where to report vulnerabilities
• Reference to security.txt

7. Signature

Who can sign:

• Person authorized to commit the manufacturer
• Typically: CEO, Director, Quality Manager, Regulatory Affairs Lead

Requirements:

• Handwritten signature (or qualified electronic signature)
• Full name and function
• Place and date

Multiple Products, Multiple DoCs?

One DoC Per Product Type

Generally, each distinct product model/type needs its own DoC.

Can be combined when:

• Products are variants of the same type
• Same conformity assessment applies
• Same standards applied

Example of combined DoC:

Product Name:   SmartSense Pro Industrial Sensor
Model/Type:     SSP-3000 (all variants)
                - SSP-3000-WiFi
                - SSP-3000-LoRa
                - SSP-3000-Cellular

Version Updates

When to issue new DoC:

• New hardware version affecting compliance
• Significant software changes affecting security
• Changes to applicable standards
• Changes to conformity assessment (new certificate)

When NOT required:

• Minor software patches (security fixes within same architecture)
• Cosmetic changes
• Documentation updates

DoC Distribution

Where to Provide

With the product:

• Paper copy in packaging, OR
• Digital copy accessible (URL on product/packaging)

On request:

• Must provide to market surveillance authorities
• Should provide to customers on request

Digital DoC

CRA allows electronic format:

For the complete EU Declaration of Conformity, visit:
https://company.com/doc/SSP-3000

Or scan: [QR code]

Requirements for digital:

• Stable URL (don't change)
• Accessible without registration
• Downloadable/printable format

Common Mistakes

Missing Required Elements

Problem: DoC lacks essential information (e.g., no conformity assessment module stated).

Fix: Use the checklist. Verify all required elements before signing.

Wrong Entity Signs

Problem: DoC signed by importer or distributor instead of manufacturer.

Fix: Only the manufacturer (or authorized representative with mandate) signs the DoC.

Outdated Standards References

Problem: DoC references withdrawn or superseded standards.

Fix: Regularly review applied standards. Update DoC when standards change.

No Version Control

Problem: Multiple DoC versions exist, unclear which is current.

Fix: Use declaration numbers, track versions, archive superseded DoCs.

Signing Before Assessment Complete

Problem: DoC dated before conformity assessment finished.

Fix: Complete all assessment activities before signing. DoC date must be after assessment.

Missing Support Period

Problem: DoC doesn't indicate when security updates end.

Fix: Include support period end date. It's good practice even if not strictly required in DoC.

DoC Checklist

EU DECLARATION OF CONFORMITY CHECKLIST

BEFORE DRAFTING:
[ ] Conformity assessment complete
[ ] Test reports available
[ ] Technical file prepared
[ ] Standards list finalized
[ ] Support period determined

DOCUMENT CONTENT:
[ ] Unique declaration number assigned
[ ] Manufacturer name and address correct
[ ] Product fully identified (model, version, batch/serial)
[ ] CRA referenced correctly: "Regulation (EU) 2024/2847"
[ ] Other applicable legislation listed
[ ] Conformity assessment module stated
[ ] Notified Body details included (if applicable)
[ ] All applied standards listed with references
[ ] Support period end date stated
[ ] Security contact information included

SIGNATURE:
[ ] Signatory authorized to commit manufacturer
[ ] Full name and function stated
[ ] Place stated
[ ] Date stated (after assessment completion)
[ ] Signature present (handwritten or qualified electronic)

DISTRIBUTION:
[ ] Copy accompanies product (physical or digital link)
[ ] Copy in technical file
[ ] Available for authority requests
[ ] Version tracked and archived

POST-SIGNATURE:
[ ] CE marking applied to product
[ ] Product information includes DoC reference
[ ] Distribution channels informed

DoC Template Variations

For Module A (Self-Assessment)

Simplified conformity assessment section:

4. CONFORMITY ASSESSMENT

Conformity assessment procedure applied:

    ☑ Module A (Internal Production Control)
      Based on Annex VIII of Regulation (EU) 2024/2847

      The manufacturer has verified that the product meets
      the essential requirements through internal assessment
      documented in the technical file.

For Module B+C (Third-Party)

Include Notified Body details:

4. CONFORMITY ASSESSMENT

Conformity assessment procedure applied:

    ☑ Module B + C (EU-Type Examination + Conformity to Type)
      Based on Annex VIII of Regulation (EU) 2024/2847

      EU-Type Examination performed by:
      Notified Body: TÜV Rheinland LGA Products GmbH
      Notified Body Number: 0197
      Certificate Number: EU-TYPE-2027-12345
      Certificate Date: 15 January 2027

      The manufacturer ensures production conformity to the
      certified type (Module C) through internal production
      controls.

For Multiple Regulations

When product is subject to both CRA and other regulations:

3. DECLARATION

The object of the declaration described above is in conformity
with the relevant Union harmonisation legislation:

    • Regulation (EU) 2024/2847 (Cyber Resilience Act)

    • Directive 2014/53/EU (Radio Equipment Directive)
      Notified Body: [Name], No. [XXXX]
      Certificate: [Number]

    • Directive 2014/35/EU (Low Voltage Directive)

Retention Requirements

How long to keep:

• 10 years after the last unit of the product is placed on the market

What to retain:

• Signed original (or authenticated copy)
• Version history
• Supporting documentation references

Where to keep:

• With technical file
• Accessible for authority requests

How CRA Evidence Helps

CRA Evidence includes DoC management:

• Template generator: Pre-filled with your product details
• Version tracking: Manage DoC versions across products
• Digital distribution: Host DoCs with stable URLs
• Archive management: 10-year retention with audit trail
• Export: Generate compliant DoC documents

Create your Declaration of Conformity at app.craevidence.com.

Related Articles

• CRA Technical File (Annex VII): Complete Guide -- Learn what documentation must accompany your Declaration of Conformity in the technical file.
• CRA Conformity Assessment Decision Guide -- Understand which assessment module (A, B+C, or H) applies to your product.
• CRA Product Classification Guide -- Determine whether your product is Default, Important, or Critical under the CRA.

This article is for informational purposes only and does not constitute legal advice. For specific compliance guidance, consult with qualified legal counsel.