Independent guide to Regulation (EU) 2024/2847 · Status: in force
Path to compliance · Guidance

CRA guide for importers, distributors & resellers

What economic operators must verify before; and after; making a product with digital elements available on the EU market.

Applies to
Economic operators
Core duty
Place only compliant products
Verify
CE marking & EU DoC
Records
Keep for 10 years

Compliance steps

1

Verify the product is compliant

Art. 19 · 23

Before placing a product on the market, confirm the manufacturer has met their obligations.

  • Check the CE marking is affixed
  • Confirm the EU declaration of conformity exists
  • Ensure user information and instructions are included
Tool for this step
2

Confirm documentation and support

Art. 23(2)

Make sure the manufacturer's technical documentation and support arrangements are in place.

  • Verify a support period is declared
  • Confirm a vulnerability-reporting contact exists
  • Keep a copy of the declaration of conformity
Importer duty

You must not place a product on the market if you have reason to believe it does not conform.

3

Exercise due diligence (distributors)

Art. 26

Distributors must act with due care in relation to the requirements.

  • Check the CE marking and accompanying documents
  • Ensure storage and transport do not compromise conformity
  • Act if you suspect non-conformity
4

Cooperate and report

Art. 23(5)

Inform manufacturers and authorities of risks, and support corrective action.

  • Notify the manufacturer of identified risks
  • Inform market surveillance authorities where required
  • Assist with recalls or corrective measures
5

Keep records

Art. 23(7)

Maintain the records that let authorities trace the product through the supply chain.

  • Identify the economic operators you supplied or were supplied by
  • Retain records for ten years
  • Make them available to authorities on request
Free tools for this role

Every tool below is free to use and opens here in a side panel, so you don't lose your place.

FreeCRA Fast Check

Confirm whether the Act applies and your likely class.

Open here →FreeCompliance matrix

Map every Annex I & VII obligation and track it to done.

Open here →FreeCost calculator

Estimate the one-off and annual cost of compliance.

Open here →FreeVulnerability Analyzer

Cross-reference your SBOM against the NVD & EUVD, and track End-of-Life components.

Open here →FreeDoC generator

Generate an EU Declaration of Conformity (Annex V) for your product.

Open here →FreeClassification finder

Pin down whether your product is default, important or critical, by name.

Open here →FreeSupport-period planner

Set your minimum support period and flag components that reach End-of-Life too soon.

Open here →
More guidance

Other stakeholder guides

S

Software developers

How the Cyber Resilience Act applies to software products; from secure development to vulnerability handling, SBOMs and the CE marking.

Read this guide →
M

Manufacturers

The obligations the Cyber Resilience Act places on producers of products with digital elements; from risk assessment to CE marking and post-market duties.

Read this guide →
CE

How to obtain a CE marking

The steps to declare conformity and affix the CE marking for a product with digital elements.

Read the guide →