EU CRA Clause Article 32
Conformity assessment procedures for products with digital elements
Regulation (EU) 2024/2847 (Cyber Resilience Act)
Article 32 of the EU Cyber Resilience Act sets the conformity assessment route a product with digital elements takes to CE marking, and the route depends on the product's risk tier. Default products — the large majority — self-assess under internal control (Module A) with no external body. Important Class I products (Annex III) may self-assess only if they apply harmonised standards or common specifications in full; otherwise a notified body is required. Important Class II products require a notified body, and critical products (Annex IV) always do, with a European cybersecurity certification scheme sometimes layered on top. The procedures sit in Annex VIII; the main obligations apply from 11 December 2027.
Where Forge applies this
Verified against the primary source. Standards are periodically revised — always confirm the current text.