Skip to main content

Single EU DoC: Software Covered by Multiple EU Acts

Your app, game, or software might not just fall under the Cyber Resilience Act (CRA). It could also be subject to other EU legislation that requires its own EU Declaration of Conformity (DoC). For instance, if your software is embedded in hardware that has radio capabilities, the Radio Equipment Directive (RED) might apply.

Does this mean you need a stack of DoCs for one product? Not necessarily.

The Single DoC Principle

The CRA simplifies this. Article 28, Paragraph 3, states: "Where a product with digital elements is subject to more than one Union legal act requiring an EU declaration of conformity, a single EU declaration of conformity shall be drawn up in respect of all such Union legal acts".

Recital 88 further clarifies this, aiming to ensure effective access to information for market surveillance and to reduce administrative burdens on economic operators. This single DoC can be a dossier made up of relevant individual declarations if that's more practical.

What Your Single DoC Must Include

When you create a single DoC for your software covering the CRA and other applicable EU directives or regulations, it must:

  • Contain the identification of all the Union legal acts concerned, including their publication references (e.g., "Regulation (EU) 2024/2847", "Directive 2014/53/EU for RED").
  • Still meet all the content requirements of Annex V of the CRA for the CRA-specific part.
  • Meet the DoC requirements specific to the other EU acts for their respective parts.

This means one consolidated document (or a clearly linked set) that declares conformity against all relevant pieces of EU harmonisation legislation applicable to your software.

Key Takeway

If your software is subject to the CRA and other EU rules also requiring a DoC (like RED or LVD if embedded in hardware), you should draw up a single EU Declaration of Conformity that covers all of them, clearly identifying each piece of legislation.