Declaration of Conformity 101 — what it is, who needs it, how it's signed

The EU Declaration of Conformity (DoC) is the legal document a manufacturer signs to take personal responsibility for a product meeting all the regulations applicable to it. Without a valid DoC, a CE-marked product cannot legally be placed on the EU market.

This guide covers what a DoC is, which laws require it, what it must contain in 2026, the difference between a DoC and a Technical File, what changes for non-EU manufacturers, the most common mistakes that void it, and what happens the moment you sign.

What a Declaration of Conformity is

A DoC is a one-page (occasionally two-page) document in which the manufacturer declares — under their sole responsibility — that a product meets all the EU directives and regulations that apply to it. It is not issued by an authority. The manufacturer writes it, signs it, keeps a copy on file for ten years, and provides it to anyone in the supply chain who asks.

It must be drawn up in one of the official EU languages, and a copy in the language of the market where the product is sold must accompany the product on first delivery. For a product sold across the European Union, this in practice means making the document available in all 24 official EU languages — either shipped with the product or supplied on request.

Which products need one

If your product carries the CE mark — and almost every IoT, electronic, medical, machinery, or radio product sold in the EU does — then a DoC is mandatory. The list of EU directives and regulations that require one is long. The ones most relevant to hardware in 2026:

A single product is almost always subject to two or more of these at the same time — and one DoC must cover all of them together. A connected industrial sensor with Wi-Fi, mains power, and software updates triggers RED + LVD + EMC + RoHS + CRA simultaneously. A single declaration cites all five.

What it must contain

Each directive defines the minimum content of its DoC (typically in Annex IV or Annex VII), but in practice they overlap. The CRA's Annex V is representative of the modern format. A valid DoC has nine elements:

1. The manufacturer's identification. Registered trade name, full postal address, and country. For legal entities, the address must match the commercial register.
2. The EU Authorised Representative (EC REP), if applicable. Required for any manufacturer established outside the EU/EEA — see the dedicated section below.
3. The product's identification. Name, type, model number, batch or serial number range. Enough detail that an inspector can match the DoC to a unit on a shelf.
4. A statement of sole responsibility. The literal sentence "This declaration of conformity is issued under the sole responsibility of the manufacturer."
5. Identification of the product allowing traceability. Usually a colour photograph of the product, sometimes a CAD render or labelled diagram. Pure text descriptions rarely satisfy.
6. The full list of EU regulations and directives the product complies with. Each cited by its formal reference (e.g. "Regulation (EU) 2024/2847"), not just by short name.
7. References to the harmonised standards applied. For example EN 18031 for CRA cybersecurity, EN 303 645 for IoT consumer security baseline, EN 55032 for EMC, EN IEC 62368-1 for safety. List each standard with its version.
8. Notified Body details, where applicable. Identification number, name, and certificate reference of the Notified Body that performed conformity assessment (when the chosen module requires one).
9. Place of issue, date of issue, name and role of the signatory, and the signature itself. Handwritten or qualified electronic — both are legally equivalent under eIDAS Regulation 910/2014.

The whole thing fits on one A4 page when done well. Some compliance consultants deliver three-page Word documents — that is overkill for the legal requirement and signals process opacity rather than diligence.

DoC vs Technical File — the distinction that costs money

The Declaration of Conformity is not the same thing as the Technical File. Conflating the two is the single most common mistake first-time manufacturers make.

• The DoC is the one-page signed legal statement that ships with the product (or accompanies it on first delivery).
• The Technical File is the evidence bundle that justifies the DoC — schematics, bill of materials, software architecture, risk assessment, test reports, traceability records, the full list of harmonised standards applied, design rationale, manufacturing process description, and post-market surveillance records.

Customers and distributors only see the DoC. Market surveillance authorities and Notified Bodies inspect the Technical File when investigating an incident or a complaint. Both documents must be retained for the same minimum period (ten years for most directives), and both must remain accurate when the product or its underlying regulations change.

A DoC without a complete Technical File behind it is a signature on a claim you cannot defend. That is the failure mode that leads to product recalls and personal liability.

Non-EU manufacturers — when you need an EC REP

If your company is not established in the EU or the EEA, you cannot legally place a CE-marked product on the EU market under your own name alone. You must appoint an EU Authorised Representative — commonly abbreviated EC REP — a natural or legal person established in the EU who agrees in writing to perform a defined set of tasks on your behalf.

The EC REP's responsibilities under the Cyber Resilience Act Article 13, RED Article 11, and parallel articles in the other directives include: holding a copy of the DoC and Technical File for the retention period, cooperating with market surveillance authorities, providing information in the language of the authority, and acting on identified compliance failures.

The EC REP's name and contact address must appear on the DoC. The EC REP does not assume the manufacturer's product liability, but does assume liability for failing to perform its EC REP duties. Most Asian, US, and UK manufacturers shipping into the EU contract this function with a specialist firm based in Slovakia, Ireland, the Netherlands, or Belgium.

What happens the moment you sign it

Signing the DoC is a legal act with three consequences a lot of first-time founders underestimate:

1. You take personal responsibility for the product's ongoing conformity. If a market surveillance authority opens an investigation — for a safety incident, a recall, or a customer complaint — the signature on the DoC names you. Sanctions under EU Market Surveillance Regulation 2019/1020 Article 14 can include product withdrawal, recall, import bans, administrative fines, and in serious cases criminal proceedings.
2. The product can be placed on the market. Distributors and importers across the EU will refuse to ship a CE-marked product without the DoC on file. Customs authorities can request it at the border and impound shipments without it.
3. You commit to keeping it valid. When a cited regulation is amended — say, the CRA gets revised — and your product no longer conforms to the new text, the existing DoC becomes invalid and you must reissue. The clock starts the day the amendment enters into force, not the day you find out about it.

Common mistakes that void your DoC

Patterns we see again and again in Inovasense compliance work and in the Cenitia review pipeline:

• Citing a repealed directive. The Low Voltage Directive is 2014/35/EU, not the long-superseded 2006/95/EC. Citing the old version invalidates the declaration. EUR-Lex is the only source of truth — never copy a citation from another company's DoC without verifying.
• Wrong or outdated harmonised standard version. Standards get amended; a DoC that cites EN 18031:2024 must reference the actually-published version with date. Citing a draft version (prEN) is invalid.
• No Notified Body number where one is required. If your product takes the RED Annex IV path because not all harmonised standards apply, the four-digit NB identification number must appear on the DoC and beside the CE mark. Missing it is grounds for product withdrawal.
• Signature without role. The signer's title must be explicit — "Managing Director", "Head of Quality", "Compliance Officer". A bare name signature is non-binding under most member state interpretations.
• No EC REP for non-EU manufacturers. A common Asian-OEM mistake — the manufacturer signs the DoC under its own name with no EU-resident representative. The product is then refused at customs.
• Wrong language for the market of sale. Selling in Germany requires the DoC in German on first delivery. English-only is legally insufficient even though it is permitted as the original drafting language.
• Outdated reference to repealed harmonised standard. When OJ C publishes a new harmonised standard version, the previous version is withdrawn after a transition period. Citing a withdrawn standard means the presumption of conformity no longer applies.
• One DoC per directive instead of one combined. First-time manufacturers sometimes issue four DoCs (one per directive). The legally correct format is one DoC citing all applicable directives for a single product.

Most of these mistakes are mechanical, not conceptual — which is why automation closes the gap. Cenitia checks every item against the canonical EUR-Lex source at draft time and flags inconsistencies before signing.

How Cenitia changes the workflow

Drafting a CRA-compliant DoC from scratch traditionally costs €3,000–€15,000 in consultant fees and takes four to eight weeks of back-and-forth. The signed PDF lives in someone's inbox; the cited regulations are not actively tracked; a regulatory amendment six months later silently invalidates the document.

Cenitia generates a draft in about an hour, with every claim citing the exact EUR-Lex article it draws from, signs it cryptographically, attaches a public QR verification URL that anyone can scan to confirm authenticity, and watches each cited regulation upstream — when one amends, the affected document is flagged automatically.

For products that need a Notified Body, a qualified ENISA assessment, or full lifecycle compliance management, our parent company Inovasense provides expert-led consulting; the two are complementary, not competing.

Frequently asked questions

How long must I keep the Declaration of Conformity on file?

For most CE-marking directives, ten years from the date the last unit was placed on the market. CRA Annex V codifies the 10-year retention for products with digital elements. The Medical Device Regulation (MDR) extends this to 10–15 years depending on device class. Keep both the DoC and the supporting Technical File for the same period.

Can one Declaration of Conformity cover multiple product variants?

Yes, provided the variants share the same essential characteristics and are subject to the same EU directives. Variants must be individually identifiable on the document (model numbers, SKUs, batch ranges). Article 18(2) of the Radio Equipment Directive expressly permits one DoC per product family. Where variants diverge on a covered directive — e.g. one variant adds a radio module — they need separate DoCs.

What language must the Declaration of Conformity be in?

The DoC must be drawn up in one of the official languages of the European Union. A translation into the official language(s) of the EU member state where the product is sold must accompany the product on first delivery. For a product sold across the EU, this in practice means producing the DoC in 24 EU languages — or providing translations on request and shipping the original with the product.

Who is allowed to sign the Declaration of Conformity?

A person formally authorised by the manufacturer to make legally binding commitments on its behalf. In practice this is typically the CEO, managing director, quality manager, or compliance officer. The person's full name and role must be printed on the document alongside the place and date of issue. There is no requirement for the signer to be an engineer; legal authorisation is what matters.

What are the penalties if I sign a Declaration of Conformity for a non-compliant product?

Personal and corporate liability under Article 14 of EU Market Surveillance Regulation 2019/1020. Sanctions vary by member state but include product withdrawal, recall, import bans, administrative fines, and in serious cases criminal proceedings. The Cyber Resilience Act (Article 64) sets ceilings up to €15 million or 2.5% of global annual turnover for the most serious breaches. Civil liability for resulting harm runs in parallel under the EU Product Liability Directive.

Do I need a Notified Body to sign the Declaration of Conformity?

Usually no. Most CE-marking directives offer a self-assessment route (Module A) where the manufacturer evaluates conformity against harmonised standards and signs the DoC on that basis. A Notified Body becomes mandatory only for higher-risk products — most radio equipment under RED Annex IV when harmonised standards are not fully applied, medical devices Class IIa and above, and certain machinery categories. The Notified Body's identification number then appears on the DoC and the CE mark.

What is the difference between a Declaration of Conformity and a Technical File?

The Declaration of Conformity is the one-page legal statement signed by the manufacturer. The Technical File is the supporting evidence bundle that justifies that statement — schematics, BOM, test reports, risk analysis, software architecture, traceability records, and the list of harmonised standards applied. Market surveillance authorities and Notified Bodies inspect the Technical File on request; the DoC is what ships with the product and what customers see.

Further reading

Primary EU sources (EUR-Lex):

• Cyber Resilience Act — Regulation (EU) 2024/2847
• Radio Equipment Directive — 2014/53/EU
• Low Voltage Directive — 2014/35/EU
• EMC Directive — 2014/30/EU
• RoHS Directive — 2011/65/EU
• Machinery Regulation — (EU) 2023/1230
• General Product Safety Regulation — (EU) 2023/988
• EU Market Surveillance Regulation — (EU) 2019/1020

Official guidance and tooling:

• European Commission — CE marking overview
• List of harmonised standards by directive
• NANDO — Notified Body database
• Blue Guide on the implementation of EU product rules

Last reviewed: 5 June 2026. Cited regulations watched continuously by Cenitia — when one amends, this article is flagged for update.