Article 18 addresses distributors — entities in the supply chain that make products with digital elements available on the EU market but who are not the manufacturer or importer. Distributors have lighter obligations than manufacturers and importers, but they still have a duty to verify that products are compliant before making them available and to cooperate with authorities when issues arise. Distributors who modify products or sell them under their own name take on manufacturer-level obligations.
Who Is a Distributor Under the CRA
A distributor is any entity in the supply chain other than the manufacturer or importer that makes a product with digital elements available on the EU market. This covers retailers, resellers, wholesalers, and online marketplaces that sell third-party products to EU consumers.
The key distinction from an importer is that the distributor makes products available on the market — typically through an existing EU supply chain — rather than placing them on the market for the first time. Retailers, department stores, electronics resellers, and online platforms are the most common distributor category under the CRA.
Distributors who act only as passive intermediaries — passing products from the supply chain to end users without modification — have lighter obligations than manufacturers and importers. However, 'passive' is interpreted strictly: any modification of the product, its packaging, or its labelling that could affect compliance converts the distributor to a manufacturer under Article 19.
Verification Obligations Before Making Products Available
Before making a product available on the EU market, distributors must verify that the product bears the CE marking and that the required documentation accompanies the product. Specifically, distributors should check:
- That the CE marking is affixed to the product or its packaging
- That the product is accompanied by required information under Annex II
- That the manufacturer's name and contact details are indicated
- That where required, the authorised representative's details are provided
Distributors are not required to conduct deep technical assessments of manufacturer compliance — their verification obligation is primarily documentary and visual. However, where a distributor has reason to believe a product is non-compliant — for example, if the CE marking appears incorrectly applied or if there are obvious security concerns — they must not make the product available until the concern is resolved.
Storage and Transport Obligations
Article 18 requires distributors to ensure that while a product is in their possession, storage and transport conditions do not compromise the product's compliance. For physical products with digital elements, this primarily means ensuring that products are stored and handled in ways that prevent physical tampering with security features.
For software products distributed digitally, distributors must ensure that distribution mechanisms (download links, update servers, application stores) maintain the integrity of the software. Tampered or modified software distributed under the manufacturer's name creates serious compliance risks for the distributor.
Distributors using third-party logistics or distribution platforms should include appropriate contractual requirements regarding product integrity in their logistics agreements.
Actions When Non-Compliance Is Suspected or Confirmed
Where a distributor has reason to believe that a product they have made available on the market does not meet CRA requirements, they must immediately inform the manufacturer or importer and ensure that corrective action is taken. Where the risk is serious, the distributor must also immediately inform national market surveillance authorities.
Distributors must cooperate with national authorities on their request, providing information and documentation necessary to verify compliance. This includes providing records of supply chain transactions, product documentation, and communications with manufacturers and importers.
Where corrective action requires product recall or withdrawal, distributors must cooperate with the recall process — for example, by ceasing sales, contacting customers who purchased affected products, and facilitating returns where necessary.
Traceability and Record Keeping
Distributors must be able to identify the manufacturer and importer for any product they make available. This traceability requirement exists to enable authorities to trace non-compliant products back to their source and to enable recalls to be executed effectively.
Practically, distributors should maintain records of their suppliers, the products they supply, and the relevant compliance documentation provided. Purchase orders, delivery records, and supplier documentation should be retained for a sufficient period to enable traceability. Many distributors maintain these records as part of normal commercial practice, but the CRA creates a legal obligation to ensure traceability specifically for compliance purposes.
Distributors operating at scale — particularly large retailers and online marketplaces — should consider whether their existing supplier management and documentation systems are adequate to meet this traceability requirement across their full product range.
CVD Portal helps you comply with Article 18 automatically.
Public submission portal, 48-hour acknowledgment tracking, Article 14 deadline alerts, and CSAF advisory generation. Free forever.
Start your free portalFrequently asked
Does an online marketplace have the same obligations as a physical retailer under Article 18?+
Yes, online marketplaces that make products available to EU consumers are distributors under the CRA. The EU's Product Safety Regulation (which governs online marketplaces more broadly) and the CRA both apply to marketplace operators. Marketplaces face additional obligations under the Digital Services Act regarding notice and action for non-compliant products listed by third-party sellers.
What if I repackage a product — am I still a distributor?+
Repackaging is specifically addressed in Article 19. If repackaging involves modifying the product itself, its technical documentation, or its compliance information, you may be treated as a manufacturer under Article 19. Even purely cosmetic repackaging that changes product labels or user documentation in ways that affect compliance converts the distributor to a manufacturer. Neutral repackaging that does not affect compliance information may not trigger Article 19.
If I'm a distributor and a manufacturer goes out of business, what are my obligations?+
If a manufacturer ceases operations during a product's support period, distributors who continue to sell the product or who have sold the product may need to inform customers that security updates will no longer be provided. In some cases, an importer may need to take on manufacturer-equivalent obligations under Article 19 to continue selling the product lawfully.
Do distributor obligations apply to digital products sold as downloads?+
Yes. Digital distribution platforms that sell software applications, firmware, or other digital products are distributors under the CRA. The same verification and traceability obligations apply, adapted to the digital distribution context. Download platforms should ensure that the products they distribute carry valid CE declarations and that they have processes to act on compliance notifications.
Need a CVD policy that satisfies Article 18?
Download a free CRA-compliant template and deploy it in minutes.