CRA Risk Classifier
Determine your product's risk classification under the Cyber Resilience Act. Understand whether your product falls under Normal, Important, or Critical risk categories and the specific requirements for each level.
Your Classification is Confidential
This assessment runs entirely in your browser. No data is sent to our servers or stored externally. Your product information remains completely private and secure.
CRA Risk Classification
Your CRA Risk Classification
Normal Risk (Class I)
Products with minimal cybersecurity risks that pose no significant threat to users or infrastructure.
- Self-assessment allowed
- Basic security requirements
- Standard documentation
Important Risk (Class II)
Products that serve important functions or could pose moderate risks if compromised.
- Third-party assessment required
- Enhanced security testing
- Detailed risk assessment
Critical Risk (Class III)
Products critical for health, safety, or essential services. Highest security requirements.
- Mandatory conformity assessment
- Comprehensive security evaluation
- Ongoing monitoring required
Why Risk Classification Matters
Compliance Requirements
Different risk levels have different requirements for security testing, documentation, and third-party assessment. Knowing your classification helps you understand exactly what you need to do.
Cost Planning
Higher risk classifications require more extensive testing and documentation. Early classification helps you budget for compliance costs and timeline planning.
Need Help with CRA Compliance?
Our experts can help you navigate the complex requirements for each risk classification and ensure full CRA compliance.