CRA Readiness Checker — is my product in scope of the Cyber Resilience Act?
Free EU Cyber Resilience Act scoping tool: answer guided questions, get a scoping memo with article citations, your product classification (default / important Class I–II / critical), the conformity-assessment route, and a phase-by-phase obligations checklist with deadlines. Based on the official text of Regulation (EU) 2024/2847.
Answer the questions — every branch cites the regulation. The result is a downloadable scoping memo + gap checklist.
Key dates
| Date | What applies | Citation |
|---|
Penalties for non-compliance
| Violation | Maximum fine | Citation |
|---|
Disclaimer: this tool summarises Regulation (EU) 2024/2847 with article-level citations and is provided for orientation only — it is not legal advice. Classification boundaries depend on a pending implementing act (Art. 7(4)), and boundary cases (SaaS lines, open-source monetisation, AI Act interplay) require professional review. Need the full pack — SBOM pipeline, vulnerability-handling process templates, Annex VII technical-documentation skeleton, reporting runbook? CRA-Ready kit → Start with your SBOM today.