CRA Readiness Checker — is my product in scope of the Cyber Resilience Act?

Free EU Cyber Resilience Act scoping tool: answer guided questions, get a scoping memo with article citations, your product classification (default / important Class I–II / critical), the conformity-assessment route, and a phase-by-phase obligations checklist with deadlines. Based on the official text of Regulation (EU) 2024/2847.

Answer the questions — every branch cites the regulation. The result is a downloadable scoping memo + gap checklist.

Key dates

DateWhat appliesCitation

Penalties for non-compliance

ViolationMaximum fineCitation

Disclaimer: this tool summarises Regulation (EU) 2024/2847 with article-level citations and is provided for orientation only — it is not legal advice. Classification boundaries depend on a pending implementing act (Art. 7(4)), and boundary cases (SaaS lines, open-source monetisation, AI Act interplay) require professional review. Need the full pack — SBOM pipeline, vulnerability-handling process templates, Annex VII technical-documentation skeleton, reporting runbook? CRA-Ready kit → Start with your SBOM today.