Skip to content
SynergyBit
CRA services

CRA impact assessment and scoping

Find out which products the CRA applies to, which category they fall into and where your gaps are.

Before you document anything, you need to know exactly what the CRA covers in your case. Scoping is the entry step that stops you from over-engineering – or, conversely, overlooking a product that falls under the CRA.

We go through your portfolio, identify the affected products and your role (manufacturer, importer, distributor), classify the products into categories and compare your current state with the CRA requirements. The result is a clear scope and priorities for the next steps.

What you get

Map of affected products

An assessment of which of your products with digital elements fall under the CRA, plus a portfolio register.

Role and obligations

A clear determination of whether you act as a manufacturer, importer or distributor, and what the CRA requires of you as a result.

Product classification

Classification into categories (default, important classes I and II, critical) and the corresponding conformity assessment route.

Gap analysis and priorities

A comparison of your current state with CRA requirements and a prioritised list of gaps to close.

How it works

  1. 01

    Kick-off workshop

    We go through your portfolio, markets, supply-chain roles and existing processes.

  2. 02

    Analysis and classification

    We assess the CRA impact, classify the products into categories and identify the gaps.

  3. 03

    Scoping report

    We hand over a clear report with the scope, priorities and a recommended way forward.

Outcomes for you

  • Certainty about which products the CRA applies to
  • A clearly defined role and conformity assessment route
  • A prioritised list of gaps
  • A solid basis for a roadmap and budget

Frequently asked questions

How does scoping differ from a consultation?
A consultation is a focused session on your questions; scoping is a structured assessment of the whole portfolio with a written report on scope and categories. It is often the first step of an entire compliance project.
Does the CRA apply to our software without hardware?
Yes. The CRA covers products with digital elements, which includes standalone software. During scoping we determine exactly how it applies to your product.
How long does scoping take?
For a smaller portfolio it is a matter of days; for a larger one, a few weeks. We confirm the scope and timeline after the kick-off workshop.

Related services

Back to services

CRA consultation

A focused consultation with a Cyber Resilience Act expert. We answer your specific questions, validate your decisions and point you to the next steps.

Learn more

Technical documentation preparation

We compile your technical documentation per CRA Annex VII – from product description and risk analysis to SBOM, vulnerability handling and the declaration of conformity.

Learn more

Vulnerability handling process

We set up a complete vulnerability handling process per the CRA – from logging and assessment through remediation and security updates to coordinated disclosure and reporting.

Learn more

Start with CRA before the deadline catches up with you

A free consultation will quickly show you where you stand and the shortest path to compliance.

Book a consultation