EU Cyber Resilience Act
What is the EU Declaration of Conformity (CRA)?
The EU Declaration of Conformity (CRA Annex V) is the signed statement, issued under the manufacturer’s sole responsibility, that a product meets the Cyber Resilience Act’s essential requirements. It is a precondition for affixing the CE marking.
What it must contain
Annex V sets out the required fields: product identifiers; the manufacturer’s name and address; a statement that the declaration is issued under the manufacturer’s sole responsibility; the object of the declaration; the conformity statement and the assessment route used; the standards or specifications applied; and the place, date, and signatory’s identity and function.
The declaration is the visible top of a larger evidence stack — it should be backed by the Annex VII technical documentation, an SBOM, and a vulnerability-handling record.
Key points
- Defined by CRA Annex V; issued under the manufacturer’s sole responsibility.
- A precondition for CE marking.
- Must reference the conformity route and standards applied.
- Backed by the Annex VII technical documentation and SBOM.
Frequently asked questions
- What is an EU Declaration of Conformity?
- It is the manufacturer’s signed statement that a product meets the applicable EU requirements — under the CRA, the Annex I essential requirements. It is required before CE marking.
- Who signs the EU Declaration of Conformity?
- The manufacturer (or its authorised representative) signs it under sole responsibility; the declaration records the signatory’s identity and function.
Related
General information about the EU Cyber Resilience Act — not legal advice. Normproof provides tooling and audit-ready evidence; the manufacturer self-declares conformity. For your specific product, run the free readiness check or consult a qualified advisor.