Template Example of an EU DoC for a Software Product

The Cyber Resilience Act (CRA) provides the official structure for an EU Declaration of Conformity (DoC) in its Annex V. Below is an illustrative example of how this might look for a hypothetical software product.

Disclaimer: This is NOT an official template and is for educational purposes only. Always refer to Annex V of Regulation (EU) 2024/2847 for the definitive requirements.

---

EU DECLARATION OF CONFORMITY

1. Product with Digital Elements:

   • Name: PixelPioneer Photo Editor
   • Type: Desktop Photo Editing Software
   • Version: 2.5.1

2. Name and address of the manufacturer:

   • Creative Software Solutions Ltd.
   • 123 Innovation Drive, Tech City, DUBLIN, D01 X2Y3, Ireland
   • [email protected]

3. This declaration of conformity is issued under the sole responsibility of the manufacturer.

4. Object of the declaration:

   • Desktop software application "PixelPioneer Photo Editor" version 2.5.1, designed for editing digital photographs on Windows and macOS operating systems. Further details and screenshots available at www.creativesoftwaresolutions.example.com/pixelpioneer.

5. The object of the declaration described above is in conformity with the relevant Union harmonisation legislation:

   • Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act).
   • (If applicable, list other Union acts, e.g., Directive 2014/30/EU on Electromagnetic Compatibility if sold with accompanying hardware)

6. References to any relevant harmonised standards used or any other common specification or cybersecurity certification in relation to which conformity is declared:

   • (Example: EN XXXX:YYYY - Cybersecurity for Consumer Software - clauses Z.Z to Z.Z)
   • (Example: Manufacturer’s internal security testing protocol Rev 1.2, based on OWASP Application Security Verification Standard)
   • (If no harmonised standards fully applied, describe solutions adopted to meet Annex I)

7. Where applicable, the name and number of the notified body, a description of the conformity assessment procedure performed and identification of the certificate issued:

   • Not Applicable (Conformity assessment based on internal control - Module A)

8. Additional information: Signed for and on behalf of: Creative Software Solutions Ltd. Place and date of issue: Dublin, 5 June 2025 Name, function: Jane Doe, CEO Signature: (Signature of Jane Doe)

---

Key Takeway

This example illustrates how Annex V content applies to software. Always use the official Annex V as your guide when drafting your actual DoC, ensuring all points are accurately addressed for your specific software product.