Skip to main content

Keeping Your Software's EU DoC Up-to-Date

The EU Declaration of Conformity (DoC) for your app, game, or software isn't a "carve it in stone" document. The Cyber Resilience Act (CRA) expects it to be a living testament to your product's ongoing compliance.

"Shall be Updated as Appropriate"

Article 28, Paragraph 2, of the CRA clearly states that the EU Declaration of Conformity "shall be updated as appropriate". This implies that if significant changes occur related to your software's conformity status, your DoC needs to reflect that.

When Would Updates Be Needed?

Consider updating your software's DoC in scenarios such as:

  • Substantial Modifications: If you make a "substantial modification" to your software (as defined in Article 3, point (30)) that affects its compliance with the CRA's essential requirements or its intended purpose, your original conformity assessment might no longer be fully valid. This would necessitate a review, potentially a new assessment for the modified parts or whole product, and consequently, an updated DoC.
  • Changes to Referenced Standards: If your DoC references specific harmonised standards, common specifications, or cybersecurity certification schemes to claim conformity, and these standards or your adherence to them change significantly, an update might be needed to reflect the current basis of your conformity claim.
  • Changes in Other Referenced Legislation: If your software is also covered by other EU acts mentioned in a single DoC (as per Article 28, Paragraph 3), and your compliance status with those acts changes, the single DoC should be updated.
  • Rectification of Errors: If you discover an error or omission in your original DoC.

The DoC is linked to your technical documentation, which must also be kept current. An update to one may necessitate an update to the other.

Responsibility of the Manufacturer

It's your responsibility as the manufacturer to ensure the DoC accurately reflects the compliance status of the software version(s) it covers throughout the time it's on the market and supported.

Key Takeway

Your software's EU Declaration of Conformity must be a current and accurate document. Be prepared to update it whenever there are significant changes to your product, its compliance basis, or relevant referenced standards, especially after substantial modifications.