Independent guide to Regulation (EU) 2024/2847 · Status: in force
Tools · Self-assessment

CRA Fast Check

A short, structured questionnaire that indicates whether your product falls within the scope of the Cyber Resilience Act; and which class it is likely to be.

CRA Fast Check · self-assessmentQ 1 / 3
Question 1 of 3
Is the product made available on the EU market?
Indicative only. This self-assessment does not constitute legal advice; consult the full text of the Regulation.
Understanding your result

What the product classes mean

If the Act applies, your product falls into one of these classes; which determines how compliance must be demonstrated. The important and critical categories are defined by name in Annexes III and IV.

Default

Most products

The majority of products with digital elements, where standard cybersecurity risk is expected.

Conformity routeSelf-assessment against Annex I
Important

Higher-risk categories

Products listed in Annex III, such as password managers, VPNs, network management and operating systems.

Conformity routeHarmonised standards or third-party assessment
Critical

Critical products

Products in Annex IV whose compromise carries systemic risk, such as smart meters and secure elements.

Conformity routeMandatory European certification
After the check

Continue with the right tools

Compliance matrixMap each Annex I requirement to your product and track it to done.Cost calculatorEstimate the cost of reaching compliance for your class.