Skip to main content

The EU Declaration of Conformity (DoC) for Your Software

The EU Declaration of Conformity (DoC) is a crucial document. It's your legally binding, formal statement, as the manufacturer, declaring that your software product (like your app, game, or paid library) and your processes fully comply with all applicable requirements of the Cyber Resilience Act (Article 28(1) of the CRA legal text).

Key Aspects of the DoC

  • Your Responsibility: By drawing up the DoC, you assume full responsibility for your software's compliance (Article 28(4) of the CRA legal text).
  • Mandatory Content: It must include specific information, such as your details, product identification, a statement of conformity to the CRA, and references to any harmonised standards or common specifications used. The model structure is in Annex V of the CRA legal text (Article 28(2) of the CRA legal text).
  • Accessibility: You must provide the DoC or a simplified version (with a link to the full one, as per Annex VI) with your software (Article 13(20) of the CRA legal text).
  • Record Keeping: You need to keep this DoC, along with your technical documentation, for at least 10 years after placing the product on the market, or for the support period, whichever is longer (Article 13(13) of the CRA legal text).

This document is a cornerstone for affixing the CE marking and proving your due diligence to authorities.

Key Takeaway

The EU Declaration of Conformity (DoC) is your formal, signed promise that your software meets CRA rules; it's a legal must-have for market access and the basis for your CE marking.