Mandatory Contents of the EU DoC for Software: A Detailed Breakdown

When you create an EU Declaration of Conformity (DoC) for your app, game, or software under the Cyber Resilience Act (CRA), you can't just write anything. Annex V of the CRA provides a model structure and lists the specific information you must include.

Essential Information for Your Software's DoC

Here’s what Annex V mandates, translated for a software context:

  1. Product Identification:
    • Name and type of your software (e.g., "Pixel Adventure Quest Game," "PhotoMagic Editing App").
    • Any additional information for unique identification, like the software version number(s) it applies to.
  2. Manufacturer/Authorised Representative Details:
    • Your name and postal address (as the manufacturer).
    • If an authorised representative is involved, their name and address too.
  3. Statement of Sole Responsibility:
    • A clear statement that the DoC is issued under your (the manufacturer's) sole responsibility.
  4. Object of the Declaration:
    • A description of your software that allows traceability. Where a photograph isn't applicable because the software is intangible, this could be a more detailed description or a reference to where screenshots or further details can be found.
  5. Conformity Statement:
    • A statement that your software product is in conformity with Regulation (EU) 2024/2847 (the CRA) and any other relevant Union harmonisation legislation it might be subject to.
  6. Standards and Specifications Used:
    • References to any relevant harmonised standards, common specifications, or European cybersecurity certification schemes you've used to demonstrate conformity with the CRA.
  7. Notified Body (If Applicable):
    • If a notified body was involved in the conformity assessment (not typical for basic self-assessment of uncritical software, but relevant if you chose a stricter path or for important/critical software), their name, number, and details of the certificate issued.
  8. Additional Information:
    • Signed for and on behalf of the manufacturer.
    • Place and date of issue.
    • Name and function of the signatory (e.g., CEO, Lead Developer).
    • The actual signature.

This information ensures your DoC is complete and meets the CRA's transparency and accountability requirements.

Key Takeaway

Annex V provides a clear checklist for your software's DoC content. Ensure every point is covered accurately to meet CRA requirements and clearly state your product's compliance.