The EU Declaration of Conformity (DoC) for Software: Purpose and Importance
So, you've navigated the risk assessments and ensured your app, game, or software component aligns with the Cyber Resilience Act (CRA). What's next? You need to make it official with an EU Declaration of Conformity (DoC).
What is it?
The DoC is a formal, written statement drawn up and signed by you, the manufacturer. In it, you declare that your software product fulfills the essential cybersecurity requirements laid out in Annex I of the CRA. Article 28, Paragraph 1, specifies this is its core purpose. Think of it as your product's official pledge of allegiance to the CRA's security standards.
Why is it Important for Your Software?
- Legal Requirement: Drawing up a DoC is mandatory before you can affix the CE marking and place your software on the EU market.
- Assumes Responsibility: By creating and signing the DoC, you formally assume responsibility for your software's compliance with the CRA. This isn't a step to be taken lightly.
- Basis for CE Marking: The DoC is a prerequisite for the CE marking, which signals to authorities and users that your software meets EU standards.
- Information for Authorities: Market surveillance authorities can request your DoC to verify compliance. It’s a key document in their oversight activities.
- Transparency (Indirectly): While the full DoC might not always be directly user-facing in its entirety, its existence (and often a simplified version or link to it) provides a level of assurance.
For game developers, app creators, and software vendors, the DoC is a critical piece of the compliance puzzle, solidifying your commitment to cybersecurity.
Key Takeway
The EU Declaration of Conformity is your formal, signed document stating that your software product complies with the CRA's essential cybersecurity requirements, and by issuing it, you take full legal responsibility.