Reg EU 2024/2847 — Cyber Resilience Act
CRA Applicability Check Answer seven questions about your product. Get a four-line verdict — scope, classification, conformity route, and penalty exposure — each citation-anchored to the regulation.
This tool checks CRA scope and classification against Reg (EU) 2024/2847. It does not certify compliance and is not legal advice. Read the methodology → 01 What kind of product are you placing on the EU market? — Hardware Software (downloadable) IoT-connected device Mobile application 02 Does the product contain digital elements (firmware, software, embedded components)? Yes No
03 How does it connect to other systems? — Local only (no network) Cloud (always-on) Hybrid (intermittent) No connection 04 Who is the primary audience? — Consumer Business Industrial / critical infrastructure 05 Is the product delivered exclusively as a hosted service (SaaS) with no on-device component? Yes No
06 Is this free and open-source software made available outside a commercial activity? Yes No
07 Does the product include a machine-learning or AI component as a security-relevant function? Yes No
SCOPE // awaiting inputs CLASS // requires SCOPE ROUTE // requires CLASS PENALTY // requires ROUTE Dataset freshness › Citations and classification rules verified against EUR-Lex on 2026-06-11. Dataset version 1.0.0.
Privacy Terms Accessibility Affiliate disclosure © 2026 SellerGuardrails — EU compliance decision tools