Search every question across CRA sub-FAQs

Yes.

If the manufacturer provides the simplified declaration with the product, it must contain the exact internet address at which the full EU declaration of conformity can be accessed.

Yes.

The CRA still requires the manufacturer to draw up the EU declaration of conformity under Article 28 before the product is placed on the market. Article 13(20) only gives the manufacturer a choice about what accompanies the product: either a copy of the full declaration or the simplified declaration. The simplified declaration is therefore not a substitute for creating the full declaration in the first place.

No.

Where the product is subject to more than one Union legal act requiring an EU declaration of conformity, the CRA requires a single declaration covering all of them. That declaration must identify the Union legal acts concerned, including their publication references. The single declaration may still be organised as a dossier containing the relevant individual declarations.

No.

The declaration records the basis on which conformity is declared, but presumption of conformity comes from the underlying legal conformity route, such as correctly applying a relevant harmonised standard whose reference is published in the Official Journal, a common specification, or a qualifying European cybersecurity certification scheme. The Blue Guide expressly says that merely referencing a harmonised standard in the EU declaration of conformity without actually applying that standard, or the relevant parts of it, does not create presumption of conformity.

Under the CRA, that is formal non-compliance.

Article 58 says the market surveillance authority must require the manufacturer to put an end to the non-compliance where the EU declaration of conformity has not been drawn up or has not been drawn up correctly. If the non-compliance persists, the Member State must take appropriate measures to restrict or prohibit the product from being made available on the market or ensure that it is recalled or withdrawn.

Yes, but only within the limits of the CRA mandate rules.

Article 18 requires the mandate to allow the authorised representative at least to keep the EU declaration of conformity and provide it to market surveillance authorities. In addition, Annex VIII expressly allows the authorised representative, in certain conformity assessment procedures, to fulfil the declaration and CE-marking obligations on the manufacturer's behalf and under its responsibility if the mandate says so. But the CRA does not transfer the manufacturer's underlying responsibility for compliance, and Article 18(2) still makes the core Article 13(12), first-subparagraph obligations non-delegable.

Under the CRA, an economic operator means the manufacturer, authorised representative, importer, distributor, or another natural or legal person that is subject to obligations relating to the manufacture of products with digital elements or to their making available on the market under the Regulation.

The CRA defines them as separate roles:

- the manufacturer develops, manufactures, or has the product designed, developed or manufactured, and markets it under its own name or trademark

- the authorised representative is an EU-established person with a written mandate from the manufacturer to act on specified tasks

- the importer is an EU-established person who places on the market a product bearing the name or trademark of a person established outside the Union

- the distributor is a person in the supply chain, other than the manufacturer or importer, who makes the product available on the Union market without affecting its properties

Yes.

The CRA recognises that the same business can perform different functions depending on the product and the service it provides. A business that only provides online intermediation for one product may not be a CRA economic operator for that product, while the same business could still be a distributor or a manufacturer for other products that it actually sells or brands.

Yes.

Under the CRA definition, what matters is not only who physically developed or assembled the product, but also who markets it under its own name or trademark. If a business places the product on the market under its own brand, it takes the manufacturer role for CRA purposes.

Not in every case.

Article 18 says a manufacturer may appoint an authorised representative by written mandate, so the appointment is optional under the CRA itself. But where the manufacturer is established outside the Union, a CRA-covered product can only be placed on the Union market if there is an EU-established operator performing the tasks required by Article 4 of Regulation (EU) 2019/1020.

No.

The Commission FAQ explains that a non-EU manufacturer needs an economic operator established in the Union to perform the Article 4 tasks under Regulation (EU) 2019/1020. Depending on the setup, that can be an importer, an authorised representative or, where no other such operator exists, a fulfilment service provider.

The authorised representative performs the tasks specified in the written mandate from the manufacturer. At minimum, that mandate must allow it to:

- keep the EU declaration of conformity and technical documentation at the disposal of market surveillance authorities

- provide the relevant information and documentation to market surveillance authorities on request

The authorised representative must also provide a copy of its mandate to market surveillance authorities on request.

The authorised representative cannot take over the manufacturer's core product-compliance obligations listed in Article 13(1) to (11), Article 13(12), first subparagraph, and Article 13(14).

That means the authorised representative can help with documentation and authority-facing tasks, but it does not replace the manufacturer for the core design, risk assessment, conformity assessment and ongoing compliance duties that the CRA keeps with the manufacturer.

Before placing a product on the market, the importer must ensure that:

- the manufacturer carried out the appropriate conformity assessment

- the manufacturer drew up the technical documentation

- the product bears the CE marking and is accompanied by the declaration of conformity and Annex II information and instructions in an understandable language

- the manufacturer complied with the identification, contact-detail and support-period-end-date obligations in Article 13(15), (16) and (19)

If the importer considers or has reason to believe that the product or the manufacturer's processes are not in conformity, it must not place the product on the market until conformity is restored.

If the product presents a significant cybersecurity risk, the importer must inform the manufacturer and the market surveillance authorities. After placement on the market, if the importer becomes aware of a vulnerability, it must inform the manufacturer without undue delay and, where there is a significant cybersecurity risk, also inform the relevant market surveillance authorities.

The importer must keep a copy of the EU declaration of conformity at the disposal of market surveillance authorities for at least 10 years after placement on the market or for the support period, whichever is longer. It must also ensure that the technical documentation can be made available and must provide the necessary information and documentation further to a reasoned request.

Before making a product available on the market, the distributor must verify that:

- the product bears the CE marking

- the manufacturer and the importer complied with the documentation and traceability obligations listed in Article 20(2)

- the necessary documents have been provided to the distributor

The distributor must also act with due care in relation to the CRA's requirements.

If the distributor considers or has reason to believe that the product or the manufacturer's processes are not in conformity, it must not make the product available until conformity is restored.

If the distributor later knows or has reason to believe that a product it has made available is not in conformity, it must make sure that corrective measures, withdrawal or recall are taken as appropriate. Upon becoming aware of a vulnerability, it must inform the manufacturer without undue delay and, where there is a significant cybersecurity risk, immediately inform the relevant market surveillance authorities.

Further to a reasoned request, the distributor must provide the information and documentation necessary to demonstrate conformity and cooperate with the market surveillance authority on measures to eliminate cybersecurity risks.

If the distributor becomes aware that the manufacturer has ceased operations and can no longer comply with the CRA, it must inform the relevant market surveillance authorities without undue delay and, to the extent possible, also inform the users of the products placed on the market.