Chapter 8: Conformity Assessment
8.1 Overview
The Conformity Assessment is the formal demonstration that a product with digital elements meets the essential cybersecurity requirements of the CRA. The type of assessment depends on the Product Classification.
LEGAL BASIS
Art. 24 CRA: The manufacturer shall carry out a Conformity Assessment before placing a product on the market. The procedure depends on the product category.
Art. 28 CRA: Following a successful Conformity Assessment, the manufacturer shall draw up an EU Declaration of Conformity and affix the CE marking.
8.2 Assessment Procedures by Product Category
| Category | Procedure | Description |
|---|---|---|
| Standard | Module A (Internal Control) | Manufacturer self-assessment |
| Class I | Module A* or Module B+C | Self-assessment (where harmonised standards apply) or type examination |
| Class II | Module B+C or Module H | Type examination or comprehensive QA |
| Critical | EUCC | European Cybersecurity Certificate |
* Module A for Class I only where harmonised standards are applied in full
8.3 Chapter Structure
| Section | Topic | Description |
|---|---|---|
| 8.1 | Internal Control (Module A) | Self-assessment for Default and Class I* |
| 8.2 | EU Type Examination (Module B+C) | External examination for Class I and Class II |
| 8.3 | Comprehensive Quality Assurance (Module H) | QMS-based for Class II |
| 8.4 | European Cybersecurity Certificate (EUCC) | Certification for critical products (Annex IV) |
| 8.5 | Product Classification | CRA risk classes and classification |
| 8.5a | Product Lists (Annex III & IV) | Complete product category lists |
| 8.5b | CE Marking (Art. 29–30) | CE marking requirements |
| 8.6 | EU Declaration of Conformity | Annex V CRA, CE marking |
| 8.7 | Simplified DoC (Annex VI) | Annex VI: Abbreviated Declaration of Conformity |
| 8.8 | User Information (Annex II) | Annex II: Mandatory information for users |