Free Tool

Does the CRA Apply to Your Product?

Our comprehensive checker covers exemptions, product categories, and compliance obligations.

Question 1 of 11

Product Type

Does your product contain digital elements?

Digital elements include software, firmware, embedded systems, or any programmable components.

Yes

Contains software, firmware, or embedded systems

Pure hardware with no programmable components

No account required No data stored Takes 3-5 minutes

About the EU Cyber Resilience Act

The EU Cyber Resilience Act (Regulation 2024/2847) establishes cybersecurity requirements for products with digital elements sold in the European Union. It entered into force on December 10, 2024, with full enforcement beginning December 11, 2027.

This free tool helps you quickly determine if your product falls within the CRA's scope and what category it belongs to. Different categories have different conformity assessment requirements.

CRA Product Categories

Critical (Annex IV)

HSM, smartcards, smart meters. Requires European cybersecurity certification.

Important Class II

Hypervisors, firewalls, OS. Requires third-party conformity assessment.

Important Class I

VPN, password managers, identity systems. Self-assessment possible with standards.

Default (~90% of products)

Consumer devices, general software. Self-assessment allowed.

This tool provides general guidance only and does not constitute legal advice. For definitive compliance requirements, consult the official CRA text and seek professional advice.