Free interactive check
Is your product CRA ready?
Answer a few quick questions. We tell you whether your product is Default, Class I, or Class II under the EU Cyber Resilience Act, which conformity-assessment path you are on, and what to do next. Results are advisory; verify against the regulation.
Step 1 · Your product
What are you building?
Pick the closest match. This shapes your result and the guidance we send.
For reference
What each result means
Default
Self-assessment
Most products. Self-assess against the 21 essential requirements, draft a Declaration of Conformity, generate an SBOM, publish a vulnerability-disclosure policy, and apply CE marking.
Class I — Important
Self-assess with standards
Annex III categories. Self-assessment only if you fully apply the relevant harmonised standards; otherwise a notified body runs the conformity assessment.
Class II — Critical
Notified body required
Annex IV categories. A notified body must run the conformity assessment. Plan cost and timeline early; there is no self-service path.
Final classification depends on the specific text of the regulation and any delegated acts in force at placement on the market. This check is a triage aid, not legal advice.