Copy of the EU Declaration of Conformity for Software

After you've done your due diligence and are ready to declare your software compliant with the Cyber Resilience Act (CRA), you create and sign the EU Declaration of Conformity (DoC). This signed declaration is not just a standalone document; it must also be included as part of your comprehensive compliance file.

A Mandatory Element of Technical Documentation

The requirement is simple and direct. Annex VII, which lists the contents of the Technical Documentation, states in point 7 that the file must contain "a copy of the EU declaration of conformity".

Why Is It Included?

The Technical Documentation is your complete evidence locker that demonstrates how you comply with the CRA. The EU DoC is the final, formal attestation based on all that evidence. Including a copy of the signed DoC within the technical file logically completes the compliance picture for any authority reviewing it.

It links your detailed technical evidence (the "how") with your formal legal declaration (the "what").

What to Include

You should include the full, final, signed, and dated copy of your EU Declaration of Conformity.

  • If you have a single DoC covering multiple EU legal acts (as per Article 28, Paragraph 3), then that is the version that should be included.
  • If your software is updated and a new DoC is issued for the new version, the Technical Documentation for that version should contain the corresponding new DoC.

This ensures that the technical evidence always matches the formal declaration it supports.

Key Takeaway

A full, signed copy of your EU Declaration of Conformity is a required component of the Technical Documentation for your software. It serves as the formal conclusion to the evidence presented in the rest of the file.