📄️ What is Self-Assessment (Module A) for Software Products?
Under the Cyber Resilience Act (CRA), "Module A," also known as the "internal control" procedure, is your path to conformity if you're developing most types of software, like games, apps, or uncritical software components. Think of it as the manufacturer-led route to compliance.
📄️ Is Your Game, App, or Software Eligible for Self-Assessment?
The good news for many software developers of games, apps, and uncritical software components is that the Cyber Resilience Act (CRA) often allows for self-assessment of conformity. This is done using the "internal control" procedure, known as Module A.
📄️ Steps in Performing a Self-Assessment (Module A) for Software
So, your app, game, or uncritical software component is eligible for self-assessment under Module A of the Cyber Resilience Act (CRA). What does that actually involve? Here's a straightforward breakdown based on Annex VIII, Part I.
📄️ Manufacturer's Responsibilities Under Module A for Software
Choosing the self-assessment path (Module A) under the Cyber Resilience Act (CRA) for your game, app, or software component means you're in the driver's seat. It also means the buck stops with you. Here’s what you’re signing up for.
📄️ Technical Documentation Requirements for Software Self-Assessment
When you're self-assessing your game, app, or software under Module A of the Cyber Resilience Act (CRA), your technical documentation is your primary evidence of compliance. Article 31 and Annex VII lay out what needs to be in there. This isn't just a formality; it’s what market surveillance authorities will look at.
📄️ Drawing Up the EU Declaration of Conformity After Software Self-Assessment
You've completed your software's self-assessment (Module A) under the Cyber Resilience Act (CRA). You're confident your game, app, or uncritical library meets the essential cybersecurity requirements. The next crucial step is to formally declare this by drawing up an EU Declaration of Conformity (DoC).
📄️ Affixing the CE Marking to Your Software Product
You've done the hard yards: carried out the risk assessment, ensured your app or game meets the essential cybersecurity requirements, compiled the technical documentation, and drawn up the EU Declaration of Conformity (DoC). The final step in this part of your Cyber Resilience Act (CRA) journey is affixing the CE marking.
📄️ When is Third-Party Assessment Needed for Software? (Important & Critical Overview)
While self-assessment (Module A) is the go-to for many apps, games, and uncritical software components under the Cyber Resilience Act (CRA), it's not a one-size-fits-all solution. The CRA cranks up the scrutiny for software deemed to carry higher risks, pushing it towards third-party conformity assessment.
📄️ Record Keeping for Software Self-Assessment: How Long?
You've self-assessed your app or game using Module A under the Cyber Resilience Act (CRA), drawn up your EU Declaration of Conformity (DoC), and affixed the CE mark. Job done? Not quite. The CRA has specific requirements for how long you need to keep your records.