EU Declaration of Conformity: CRA Article 30
The EU Declaration of Conformity (DoC) is the manufacturer's formal declaration that their product meets all applicable CRA requirements. Without it, CE marking cannot lawfully be affixed and the product cannot be placed on the EU market.
What Is a Declaration of Conformity?
An EU Declaration of Conformity (EU DoC) is a legally binding document through which a manufacturer takes sole responsibility for the conformity of a product with the requirements of all applicable EU legislation. Under the CRA, drawing up an EU DoC is a prerequisite for affixing the CE marking to a product.
The EU DoC is distinct from the technical file — the DoC is a concise declaration document, while the technical file is the broader collection of evidence (risk assessments, design documentation, test results) that underpins the declaration. The DoC references the technical file but does not replace it.
One DoC per product: A single EU DoC may cover multiple EU legislative acts that apply to a product. If your product is subject to both the CRA and the Radio Equipment Directive (RED), for example, a single EU DoC can reference both regulations, provided it includes all required elements for each. This simplifies your documentation burden.
Mandatory Contents of the EU DoC (Article 30)
Article 30 of the CRA specifies nine mandatory elements that the EU DoC must contain. A DoC that is missing any of these fields is not compliant and cannot support valid CE marking.
Product identification
The product name, model, type, batch, serial number, or other element that uniquely identifies the product. Software products should include the version number and build identifier.
Manufacturer name and address
The full legal name of the manufacturer and the address of their registered place of business within or outside the EU. If the manufacturer is outside the EU, the authorised representative's name and EU address must also be included.
Statement of sole responsibility
A statement that the declaration is issued under the sole responsibility of the manufacturer.
Regulatory reference
A reference to the applicable EU legislation — for the CRA: 'Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements.'
Applicable harmonised standards or specifications
References to any harmonised European standards applied, or to common specifications adopted by the Commission, with the specific clauses met identified. If no harmonised standard covers the requirement, reference the technical solution used.
Conformity assessment procedure
Identification of the conformity assessment module followed — e.g., Module A (internal production control / self-assessment) for most default products. For products requiring third-party assessment, include the notified body's name, address, and identification number.
Notified body details (if applicable)
Where a notified body was involved, include: the body's name, address, and four-digit notification number; the type, number, and expiry date of the certificate issued; and a description of the assessment carried out.
Place and date of issue
The place (city) and date on which the declaration was signed. The date must not be before the product first complies with all applicable requirements.
Authorised signatory details
The name, function (role/title), and signature of the person authorised to sign on behalf of the manufacturer. This is typically the CEO, CTO, or a designated compliance officer. Digital signatures are acceptable.
Retention, Translation, and Availability
10-year retention
Manufacturers must retain the EU DoC for at least 10 years after the last date on which the product was placed on the market. The DoC must be kept updated — if the product changes in a way that affects conformity, a new DoC must be drawn up.
Language requirements
The EU DoC must be drawn up in the official language(s) required by the member states where the product is placed on the market. If you sell across the EU, translations may be required. However, a single EU DoC in one language can be supplemented by translations rather than separate documents.
Public availability
The EU DoC does not have to be proactively published — but it must be made available to market surveillance authorities on request. Best practice is to publish it on your website or product documentation page, as B2B customers increasingly request it as part of procurement due diligence.
EU DoC and CE Marking: The Relationship
CE marking and the EU DoC are interdependent. The CE marking signifies that the manufacturer has drawn up an EU DoC — you cannot affix CE marking without one, and drawing up a DoC carries an implied commitment to affix CE marking to the product (or its packaging and documentation).
Under the CRA, CE marking for products with digital elements must be affixed visibly, legibly, and indelibly. For software products without physical form, CE marking should appear in the documentation and the user interface where practicable.
Enforcement from December 2027
From 11 December 2027, products without valid CE marking and an EU DoC cannot lawfully be placed on the EU market. Market surveillance authorities can order product withdrawal, recall, and impose fines. Importers have an independent obligation to verify CE marking before placing products on the market.
Common DoC Mistakes to Avoid
- ✕Signing the DoC before completing the conformity assessment — the DoC represents the end of the assessment process, not the start.
- ✕Failing to update the DoC when the product changes significantly — a major feature update that adds new attack surface may require a fresh assessment and new DoC.
- ✕Using a generic template that does not accurately identify the specific product version — the DoC must uniquely identify the product it covers.
- ✕Listing harmonised standards that were only partially applied — only list standards you have fully applied; partial application must be explicitly noted.
- ✕Omitting the notified body reference for Class II products — mandatory where third-party assessment was required.
- ✕Retaining the DoC in only one location — keep both a working copy and an archived copy with version control.
CRAReady's CRA Assessment module guides you through product classification and conformity route selection — the foundation you need before drawing up your DoC.
Need help implementing this? Try CRAReady →