CRA FAQ

 Open Regulatory Compliance Working Group Orc mascott

What is the technical documentation?

The technical documentation must contain the elements laid down in Annex VII of the CRA.

The manufacturer must take into consideration that the technical documentation is not only an internal deliverable but it might be requested by the market surveillance authorities. Therefore, it has to be comprehensive and clear. The manufacturer must be able to demonstrate that the product has been designed, developed and manufactured to comply with the essential requirements of the CRA. The latter includes specifications of vulnerability handling processes.

The technical documentation can be written in any language. Nevertheless, if it is required by a market surveillance authority, it needs to be provided in a language easily understood by this authority.

There is no obligation to make the technical documentation available to a manufacturer’s customers or to the public, with the exception of manufacturers of free and open-source software that fall under the categories set out in Annex III (important products of class I or II) that wish to self-attest their conformity, in accordance with Article 32(5).

© 2025 European Union • CC-BY 4.0 • “FAQs on the Cyber Resilience Act” p.61 (PDF) •
Disclaimer

Disclaimer: This document is prepared by the Commission services and should not be considered as representative of the European Commission’s official position. The replies to the FAQs do not extend in any way the rights and obligations deriving from applicable legislation nor introduce any additional requirement. The expressed views are not authoritative and cannot prejudge any future actions the European Commission may take, including potential positions before the Court of Justice of the European Union, which is competent to authoritatively interpret Union law.