← All standards
CRA Article 32Conformity assessment

Notified bodies and testing laboratories

The conformity-assessment bodies and cybersecurity testing labs a manufacturer on a third-party route is most likely to engage. Filter by country and standard.

Do you need a notified body?

Most products with digital elements use internal control (Module A) and the manufacturer self-assesses, affixes the CE marking, and needs no notified body. A third-party conformity assessment, and therefore a notified body, applies to important products in Class II, critical products under Annex IV, and Class I products where the manufacturer does not fully apply the relevant harmonised standards.

Not sure which route applies? Run the free product classifier or the CRA self-assessment.

Verify designation in NANDO before relying on any body

As of 2026-07-14, the European Commission had not yet published notified bodies designated specifically under the CRA. The organisations below are established EU conformity-assessment bodies and accredited cybersecurity testing laboratories, listed as candidates you are likely to work with. None is asserted to hold a CRA designation. Always confirm current status in the official NANDO database.

Showing 10 of 10 organisations.

TÜV SÜD

Germany

Accredited lab
ETSI EN 303 645IEC 62443EUCCRED 3.3

Notified body under other EU directives and an accredited cybersecurity testing lab. CRA designation not confirmed.

Visit website →

TÜV Rheinland

Germany

Accredited lab
ETSI EN 303 645IEC 62443EUCC

Accredited cybersecurity testing lab. CRA designation not confirmed.

Visit website →

DEKRA

Germany

Accredited lab
ETSI EN 303 645EUCCRED 3.3

Accredited cybersecurity and RED testing lab. CRA designation not confirmed.

Visit website →

Applus+ Laboratories

Spain

Accredited lab
ETSI EN 303 645Common CriteriaEUCC

ITSEF / Common Criteria evaluation lab. CRA designation not confirmed.

Visit website →

SGS

Belgium

Accredited lab
ETSI EN 303 645RED 3.3IEC 62443

Global testing, inspection and certification body. CRA designation not confirmed.

Visit website →

Bureau Veritas

France

Accredited lab
ETSI EN 303 645RED 3.3

Conformity-assessment body active in connected-product testing. CRA designation not confirmed.

Visit website →

Eurofins Cyber Security

Netherlands

Accredited lab
ETSI EN 303 645Common CriteriaEUCCIEC 62443

Network of accredited security evaluation labs across the EU. CRA designation not confirmed.

Visit website →

UL Solutions

Germany

Accredited lab
ETSI EN 303 645IEC 62443

Accredited testing lab with EU operations. CRA designation not confirmed.

Visit website →

DNV

Norway

Accredited lab
IEC 62443

Certification body strong in industrial and OT security. CRA designation not confirmed.

Visit website →

CyberCert Labs

European Union

Candidate
ETSI EN 303 645

Independent testing laboratory positioned as a candidate CRA notified body. Designation not confirmed in NANDO.

Assemble an audit-ready technical file first

Whether you self-assess or engage a notified body, your Annex VII technical file is the deliverable.

Get Started for Free