ProofwrightInteractive

Which CRA class are you?

Answer three questions about your product and see whether the CRA treats it as default, important, or critical — and what that means.

The CRA sorts every product into a tier that decides how hard you have to prove conformity. Answer three questions about yours.

Is it on the CRA's ‘critical’ list — a smart-meter gateway, a smartcard secure element, or a hardware device with a security box (HSM)?

Is it core security infrastructure — an operating system, an industrial firewall, a tamper-resistant microcontroller, or a public-key / identity-management system?

Does it perform a security function others rely on — password manager, VPN, network management, firewall, antivirus / EDR, or a standalone browser?

Likely CRA classDefault
Conformity route

Self-assessment (internal control)

Where most products land. You self-declare conformity — but still owe the full essential requirements: an SBOM, vulnerability handling, secure-by-default settings, and a technical file.

Indicative only — the CRA's classification lists are the final word, not this tool. Proofwright pins your class to your product and keeps the evidence each route demands.

a taste of Proofwright

It's live.

See the real thing at Proofwright.