Article 28 requires manufacturers to draw up an EU Declaration of Conformity (DoC) before placing a product with digital elements on the EU market. The DoC is the formal document in which the manufacturer declares that the product meets all applicable CRA essential requirements. Article 28 specifies exactly what information the DoC must contain, making it a legally binding compliance statement that supports the CE marking.
What the EU Declaration of Conformity Must Contain
Article 28 specifies the minimum information that must appear in the EU Declaration of Conformity. The declaration must include:
- Product identification: The product name, type, batch, serial number, or other element allowing unambiguous identification
- Manufacturer details: Name and address of the manufacturer; if applicable, the authorised representative's name and address
- Declaration statement: A statement that the manufacturer takes sole responsibility for the declaration of conformity
- Regulatory basis: Identification of the CRA as the legislation to which the declaration relates, with specific references to Article 5 and Annex I
- Standards or specifications: References to relevant harmonised standards applied, or to common specifications or other technical specifications used
- Conformity assessment procedure: Identification of the conformity assessment procedure used (the relevant Module from Annex VI)
- Notified body details: Where a notified body was involved, its name, identification number, and the certificate reference
- Additional certifications: References to any other EU legislation under which CE marking is affixed
- Signature information: Place and date of issue, name and function of the signatory
Language and Accessibility Requirements
The EU Declaration of Conformity must be drawn up in one of the official languages of the EU member states where the product is placed on the market. Where a product is sold across multiple EU member states, the declaration may need to be available in multiple languages, or member states may accept an English version for imported products - national rules vary.
The DoC must be kept available and must be accessible to market surveillance authorities throughout the product's active market life and for 10 years afterwards. Manufacturers should have systems for archiving declarations against product identifiers so that the correct version can be retrieved for any product unit.
For products sold in digital formats, the DoC may be made available electronically - for example, as a downloadable PDF on the manufacturer's website - rather than as a physical document accompanying the product. However, Article 28 requires that the DoC is available on request, so digital-only distribution must ensure reliable long-term accessibility.
The Simplified Declaration and Annex IX
Where a product is too small for a full EU Declaration of Conformity to accompany it (for example, a microchip or small embedded component), or where including the full DoC would be disproportionate, Article 28 allows the use of a simplified declaration format.
The simplified declaration, set out in Annex IX, contains a short statement that the full DoC is available at a specified URL. This is particularly relevant for embedded components, IoT devices in miniaturised form factors, and products where packaging space is severely constrained.
Manufacturers using the simplified declaration must ensure that the full DoC is genuinely available at the referenced URL throughout the relevant period and that the URL remains stable. Linking to a corporate homepage that might change structure is not adequate - the URL must resolve directly to the declaration document.
Single Declaration for Multiple Regulations
Many products are subject to multiple EU regulations simultaneously - for example, a Wi-Fi router may be subject to both the CRA and the Radio Equipment Directive (RED). Article 28 permits manufacturers to draw up a single EU Declaration of Conformity that addresses all applicable EU legislation, rather than separate declarations for each regulation.
A combined declaration must clearly identify each regulation to which it applies and the specific essential requirements and conformity assessment procedures relevant to each. Manufacturers taking this approach should ensure the declaration template is comprehensive and that no regulatory reference is overlooked.
The advantage of a combined declaration is administrative simplicity - a single document covers all CE marking obligations. The potential risk is that errors or omissions in the declaration may affect compliance under multiple regulations simultaneously.
Keeping the Declaration Up to Date
The EU Declaration of Conformity is not a static document - it must be updated when product changes occur that affect the product's compliance. If a significant software update changes the product's security properties, or if a new conformity assessment is required due to a material product modification, the DoC must be revised to reflect the updated compliance basis.
Manufacturers should establish version control for their DoCs and maintain a record of which version of the declaration applies to which product versions or production batches. When a declaration is revised, the previous version should be archived but should not be destroyed - authorities may need to review the declaration applicable to a specific historical product batch.
Minor product updates that do not affect compliance - such as software updates that fix bugs without changing security-relevant functionality - generally do not require DoC revision. The threshold for requiring a new declaration should be assessed against the materiality of the change to the product's compliance position.
CVD Portal helps you comply with Article 28 automatically.
Public submission portal, 48-hour acknowledgment tracking, Article 14 deadline alerts, and CSAF advisory generation. Free for Article 14 compliance — for all manufacturers placing products with digital elements on the EU market.
Start your free portalFrequently asked
Who must sign the EU Declaration of Conformity?+
The EU Declaration of Conformity must be signed by the manufacturer or a duly authorised representative. 'Duly authorised' typically means a person with legal authority to commit the manufacturer - such as a director, compliance officer, or technically qualified manager. The signatory takes personal responsibility for the accuracy of the declaration. For non-EU manufacturers, the authorised representative appointed under Article 16 may countersign.
Is the EU Declaration of Conformity the same as a CE certificate?+
No. The EU Declaration of Conformity is a manufacturer's self-declaration. A CE certificate is a document issued by a notified body after a third-party assessment. For default-class products, no CE certificate is required - only the DoC. For Annex III products, a notified body certificate is also required, but it is separate from the DoC. The DoC must reference the certificate if one was obtained.
Can I use a template Declaration of Conformity?+
Yes. Annex V to the CRA provides the structure for the EU Declaration of Conformity. Many manufacturers use a template based on Annex V, customised with their specific product details, regulatory references, and standards. Using a template reduces the risk of omitting required elements, but each declaration must be product-specific - a generic template signed without product-specific completion is not compliant.
What happens if my Declaration of Conformity contains incorrect information?+
Issuing a false or inaccurate Declaration of Conformity is a serious violation that can result in penalties, product withdrawal, and reputational damage. Market surveillance authorities treat inaccurate declarations as evidence of intent to circumvent regulatory requirements, which can escalate enforcement action. Manufacturers should review declarations carefully before signing and should correct errors promptly if discovered.
Can a manufacturer's EU subsidiary act as its authorised representative?+
Yes. An EU-established subsidiary of a non-EU manufacturer can act as the authorised representative, provided it is a legally distinct entity established in the EU and is formally designated through a written mandate. The subsidiary must genuinely hold the technical documentation and be able to interact with authorities independently - it cannot simply route all queries back to the parent without adding value.
Does the authorised representative need to be in the same EU member state where the product is sold?+
No. The authorised representative only needs to be established in any EU member state. Their EU presence enables all 27 member states' authorities to interact with them under EU law. Many manufacturers choose to establish their representative in a member state with a strong tradition of regulatory compliance services, such as Germany, the Netherlands, or Ireland.
What happens if a non-EU manufacturer sells products in the EU without an authorised representative?+
The absence of an authorised representative is itself a CRA violation. Products placed on the EU market without a properly designated authorised representative are non-compliant, which means the CE marking is invalid. Market surveillance authorities can require product withdrawal and impose penalties on the importer or distributor who facilitated the market access, since they would bear joint responsibility.
Is the authorised representative personally liable for the manufacturer's CRA violations?+
The authorised representative can bear liability for failures in their own obligations - such as failure to maintain technical documentation, failure to cooperate with authorities, or failure to relay notifications. They are not automatically liable for the manufacturer's non-compliance with technical requirements, but the line can become blurred where the representative is aware of non-compliance and takes no action.
Related CRA Articles
Need a CVD policy that satisfies Article 28?
Download a free CRA-compliant template and deploy it in minutes.