Article 28 Regulation (EU) 2024/2847 · Chapter III 法規 (EU) 2024/2847 · 第三章
EU declaration of conformity — the public-facing statement 歐盟符合性聲明,對外公開的聲明
If the technical file is what the manufacturer keeps, the EU Declaration of Conformity is what the manufacturer signs and ships. One signed sheet — Annex V's eight items — that legally commits the company to its product's CRA compliance. Article 28 defines its anatomy. 技術檔案是製造商留存的東西,歐盟符合性聲明則是製造商簽字後隨產品出貨的東西。一張簽字的單頁,附件五之八項,法律上將公司綁定於其產品的 CRA 合規。第 28 條定義此聲明的解剖。
Block 1 · Official text 區塊 1 · 官方條文
What the Regulation actually says 條文實際怎麼寫
Source. Consolidated text from Regulation (EU) 2024/2847 as published in OJ L 2024/2847, 20 November 2024. Translation is unofficial; refer to EUR-Lex for binding text. 來源。條文自《法規 (EU) 2024/2847》整合文本,發布於 OJ L 2024/2847,2024 年 11 月 20 日。中文為非官方翻譯。
Manufacturer drafts the DoC; Annex V structure 製造商起草 DoC;附件五結構 ¶ 1 – 2
1. The EU declaration of conformity shall be drawn up by manufacturers in accordance with Article 13(12) and state that the fulfilment of the applicable essential cybersecurity requirements set out in Annex I has been demonstrated.
1. 歐盟符合性聲明應由製造商依第 13(12) 條起草,並聲明已示範符合附件一所載適用之基本網路安全要求。
2. The EU declaration of conformity shall have the model structure set out in Annex V and shall contain the elements specified in the relevant conformity assessment procedures set out in Annex VIII. Such a declaration shall be updated as appropriate. It shall be made available in the languages required by the Member State in which the product with digital elements is placed on the market or made available on the market. The simplified EU declaration of conformity referred to in Article 13(20) shall have the model structure set out in Annex VI. It shall be made available in the languages required by the Member State in which the product with digital elements is placed on the market or made available on the market.
2. 歐盟符合性聲明應採附件五所定之模型結構,並含附件八相關符合性評鑑程序所載要素。該聲明應視情形更新。應以具數位元素產品投放或於市場提供之會員國所要求之語言提供。第 13(20) 條所指之簡化歐盟符合性聲明,應採附件六所定之模型結構,並以同樣之會員國所要求之語言提供。
Single DoC for multiple Union legal acts 多部聯盟法律行為之單一 DoC ¶ 3
3. Where a product with digital elements is subject to more than one Union legal act requiring an EU declaration of conformity, a single EU declaration of conformity shall be drawn up in respect of all such Union legal acts. That declaration shall contain the identification of the Union legal acts concerned, including their publication references.
3. 具數位元素產品同時受一部以上要求歐盟符合性聲明之聯盟法律行為拘束時,應就所有此等聯盟法律行為製備單一歐盟符合性聲明。該聲明應載明所涉聯盟法律行為之識別資訊,包括其發布引用。
Per Recital 88, the single declaration may take the form of a dossier of individual declarations, to reduce administrative burden when one underlying Union act changes.
依 Recital 88,當其中一部基礎聯盟法律行為變更時,為降低行政負擔,單一聲明得採由個別 DoC 組成之卷宗形式。
Sole responsibility on the manufacturer 製造商獨自承擔責任 ¶ 4
4. By drawing up the EU declaration of conformity, the manufacturer shall assume responsibility for the compliance of the product with digital elements.
4. 製造商以製備歐盟符合性聲明承擔具數位元素產品之符合性責任。
Annex V item 3 makes this explicit on the face of the declaration: "A statement that the EU declaration of conformity is issued under the sole responsibility of the provider".
附件五第 3 項在聲明本身面上明示:「聲明歐盟符合性聲明係於提供者獨自責任下簽發。」
Delegated-act power to add Annex V elements 附件五要素之授權法案權限 ¶ 5
5. The Commission is empowered to adopt delegated acts in accordance with Article 61 to supplement this Regulation by adding elements to the minimum content of the EU declaration of conformity set out in Annex V to take account of technological developments.
5. 執委會有權依第 61 條採納授權法規補充本法規,以反映科技發展,於附件五所載歐盟符合性聲明之最低內容增添要素。
Annex V — eight required elements 附件五,八項要求要素 Annex V
1. Name and type and any additional information enabling the unique identification of the product with digital elements.
1. 具數位元素產品之名稱、類型及可達成獨特識別之任何額外資訊。
2. Name and address of the manufacturer or its authorised representative.
2. 製造商或其授權代表之名稱與地址。
3. A statement that the EU declaration of conformity is issued under the sole responsibility of the provider.
3. 聲明歐盟符合性聲明係於提供者獨自責任下簽發。
4. Object of the declaration (identification of the product with digital elements allowing traceability, which may include a photograph, where appropriate).
4. 聲明對象(允許可追溯性之具數位元素產品識別,於適當時得包含照片)。
5. A statement that the object of the declaration described above is in conformity with the relevant Union harmonisation legislation.
5. 聲明上述聲明對象符合相關之聯盟調和立法。
6. References to any relevant harmonised standards used or any other common specification or cybersecurity certification in relation to which conformity is declared.
6. 所採用之相關調和標準、或於其下宣告符合性之任何其他共通規範或網路安全認證之引用。
7. Where applicable, the name and number of the notified body, a description of the conformity assessment procedure performed and identification of the certificate issued.
7. 適用時,指定機構之名稱與編號、所執行符合性評鑑程序之描述、所簽發證書之識別資訊。
8. Additional information; signed for and on behalf of (place and date of issue, name, function, signature).
8. 補充資訊;代表簽署(簽發地與日期、姓名、職務、簽名)。
Annex VI — Simplified EU DoC: "Hereby, [name of manufacturer] declares that the product with digital elements type [designation] is in compliance with Regulation (EU) 2024/2847. The full text of the EU declaration of conformity is available at the following internet address: [...]". Used per Article 13(20) where space-constrained packaging cannot carry the full DoC.
附件六,簡化歐盟 DoC:「茲此,[製造商名稱] 聲明具數位元素產品類型 [類型代號] 符合法規 (EU) 2024/2847。歐盟符合性聲明完整文本可於下列網址取得:[...]」。依第 13(20) 條,於包裝空間不足以承載完整 DoC 時使用。
Block 2 · Plain language 區塊 2 · 白話解讀
The signed sheet — small document, large legal weight 一張簽字單頁,文件小、法律份量重
The EU Declaration of Conformity is a one-page legal artefact. It is what a customs officer sees, what a market surveillance authority demands, what a buyer expects in commercial documentation. Article 28 says four things about it: who drafts it (manufacturer), what it must say (Annex V eight items), what languages it must be in (those required by the placing/making-available Member State), and what consolidation rules apply (single DoC for multi-regulation products).
Three subtleties that matter in practice.
The DoC is per-product-model, not per-shipment. A new DoC is needed when the product itself materially changes — a substantial modification per Article 3 point 41 — but not when the same product ships out next week. This is sometimes misunderstood by ODMs accustomed to per-shipment paperwork like commercial invoices and EUR.1 origin certificates. The DoC sits with the product type/model and travels with every unit of that model. Annex V item 4 ("identification of the product with digital elements allowing traceability") allows but does not mandate a serial number — a model number suffices.
"Updated as appropriate" is heavier than it sounds. Article 28(2) requires the DoC to be updated as appropriate. When does that bite? When a software update changes the version covered by Annex V item 1 (which captures "version of software affecting compliance with essential cybersecurity requirements"); when a new harmonised standard is cited in OJEU and the manufacturer chooses to apply it; when a notified body re-issues a certificate; when an authorised representative changes. Each of these triggers a new DoC version. The 10-year retention obligation under Article 13(12) accumulates these versions, not just the most recent one.
Single DoC for multi-regulation products is mandatory, not optional. Article 28(3) uses "shall" — when a product is subject to more than one Union legal act requiring an EU DoC (CRA + RED, CRA + Machinery Regulation, CRA + AI Act, etc.), the manufacturer must issue a single DoC. Recital 88 clarifies this single DoC may be a dossier of individual DoCs. The point of the rule is to give market surveillance authorities one document to look at, not to force literally one combined sheet — but the manufacturer must produce that consolidated form, not separate per-regulation DoCs in independent locations.
A practical layout note. The Annex V eight items are minimum content; nothing prevents adding context (a contact email, a publication URL, a CE marking pictogram). What cannot be added is anything that creates ambiguity about what is being declared, who is declaring it, or what regulatory framework applies. The DoC is a legal document, not a marketing document.
EU Declaration of Conformity 是一份單頁的法律文件。海關官員會看到它、市場監督機關會調閱它、買家會在商業文件中要求它。第 28 條對它規定了四件事:誰起草(製造商)、必須載明什麼(附件五 8 項)、必須用什麼語言(投入或上市會員國所要求的)、適用什麼合併規則(多部法規產品的單一 DoC)。
三個實務上很重要的細節:
DoC 是「每個產品型號」一份,不是「每次出貨」一份。產品本身發生實質變化(依第 3(41) 條的 substantial modification)才需要新 DoC,同一產品下週再出貨並不需要。這點有時候會被習慣商業發票、EUR.1 原產地證明這類「每次出貨文件」的 ODM 誤解。DoC 跟著產品型號 / 機型走,隨該型號每一單位附帶。附件五項次 4(「允許可追溯性的具數位元素產品識別」)允許但不強制要求序號,機型編號就夠。
「視情況更新」的份量比聽起來重。第 28(2) 條要求 DoC 視情況更新。什麼時候會觸發?軟體更新導致附件五項次 1 所載版本(「影響網路安全要求合規的軟體版本」)變更時;新 hEN 在 OJEU 被引用、且製造商選擇適用時;指定機構重發 certificate 時;授權代表變更時。任一觸發就產生新版 DoC。第 13(12) 條 10 年保存義務累計所有這些版本,不只是最新版。
多部法規產品的單一 DoC 是強制,不是選項。第 28(3) 條用「shall」:當產品同時被一部以上要求 EU DoC 的聯盟法律規範時(CRA + RED、CRA + 機械規章、CRA + AI Act 等),製造商必須簽發單一 DoC。Recital 88 澄清,這份單一 DoC 可以是個別 DoC 的卷宗。這條規則的要點是給市場監督機關一份文件能看,不是強制要把所有東西字面上合併在一張單頁上,但製造商必須產出這個合併形式,不能在獨立位置產出個別法規的 DoC。
實用排版提示:附件五 8 項是最低內容;不禁止你加上更多上下文(聯絡 email、發布網址、CE 標示 pictogram)。但不可以加入「會讓聲明什麼、誰聲明、適用什麼規管框架變得含糊」的東西。DoC 是法律文件,不是行銷文件。
Block 3 · APAC perspective 區塊 3 · APAC 觀點
Three operational gotchas APAC ODMs typically miss APAC ODM 通常會漏掉的三個操作陷阱
APAC manufacturers already produce EU DoCs for RED, EMC and LVD compliance. The CRA-side DoC looks superficially similar — same legal genre, same Annex-V style template — but three operational details typically catch teams unprepared.
APAC 製造商已經為 RED、EMC、LVD 合規簽發過 EU DoC。CRA 側 DoC 表面上看起來很像,同樣的法律類型、同樣的附件五風格模板,但三個操作細節常常絆倒沒準備的團隊。
Software-version traceability inside item 1. Annex V item 1 calls for "name and type and any additional information enabling the unique identification of the product". The Commission's CRA FAQ confirms this includes "versions of software affecting compliance with essential cybersecurity requirements" (consistent with Annex VII item 1(b)). For an industrial gateway shipped with firmware v3.4.1 in December 2027 and patched to v3.4.2 in March 2028, the DoC needs version handling: either a version range (v3.4.x) with the technical file capturing each minor revision, or a new DoC at each version with archive linking. APAC ODMs accustomed to "model XYZ-1234" as the single identifier on a RED DoC need to build version-tracking infrastructure into their DoC issuance workflow.
項次 1 裡的軟體版本可追溯性。附件五項次 1 要求「名稱、類型、跟任何能達成獨特識別的額外資訊」。執委會 CRA FAQ 確認這包含「影響網路安全要求合規的軟體版本」(跟附件七項次 1(b) 一致)。一台 2027 年 12 月以韌體 v3.4.1 出貨、2028 年 3 月修補到 v3.4.2 的工業閘道,DoC 必須處理版本:或者用版本區間(v3.4.x)、由技術檔案捕捉每個 minor 版本;或者每個版本一份新 DoC 加封存連結。習慣在 RED DoC 上以「型號 XYZ-1234」作為單一識別子的 APAC ODM,必須把版本追蹤基礎建設整合進 DoC 簽發工作。
Authorised representative naming on item 2. APAC manufacturers without an EU presence must designate an authorised representative under Article 18 to be named on the DoC. Many ODMs delegate this to the EU customer (the brand owner who imports), but Article 18 contemplates a manufacturer-appointed representative — not an importer-by-default. Where an OEM ships finished product carrying its own brand, naming the importer on Annex V item 2 in lieu of an authorised representative is non-compliant. The fix is a written authorisation under Article 18 that designates an EU-based legal entity (own subsidiary, representative-as-a-service provider, or specific contract with the EU customer who agrees to act as authorised representative).
項次 2 的授權代表具名。沒有歐盟設立的 APAC 製造商必須依第 18 條指定授權代表並在 DoC 上具名。很多 ODM 把這個委給歐盟客戶(負責進口的品牌方)處理,但第 18 條指的是由製造商委任的代表,不是預設的進口商。OEM 以自有品牌出貨成品時,在附件五項次 2 用進口商代替授權代表是不合規的。修正方式是依第 18 條的書面授權,指定一家設立於歐盟的法人(自家子公司、代表服務商、或跟願意擔任授權代表的歐盟客戶的具體合約)。
The "single DoC" obligation hits stacked-regulation products hard. A typical Taiwan-manufactured industrial controller might ship into the EU under RED (radio component), Machinery Regulation (EU 2023/1230), Low Voltage Directive (LVD), EMC Directive, and now CRA — five Union acts requiring conformity declaration. Article 28(3) requires one DoC. Existing TIC/EMC/RED DoCs almost certainly do not include CRA references. The migration work is non-trivial: every multi-regulation product currently shipping needs DoC reissuance to add CRA references and Annex VII technical-file pointers. ODMs with hundreds of SKUs face material document-system work for the 2027 deadline.
「單一 DoC」義務對受多部法規規範的產品打擊重大。典型的台灣製工業控制器出貨歐盟,可能涉及 RED(無線元件)、機械規章(EU 2023/1230)、低電壓指令(LVD)、EMC 指令、再加 CRA:五部聯盟法律都要求符合性聲明。第 28(3) 條要求一份 DoC。既有的 TIC / EMC / RED DoC 幾乎一定不含 CRA 引用。遷移工作不小:目前出貨的每件多法規產品都需要重發 DoC,加入 CRA 引用跟附件七技術檔案指標。有數百 SKU 的 ODM,會在 2027 年截止日前面對實質的文件系統工作量。
A note on the language obligation. Article 28(2) requires the DoC to be made available in the languages the placing/making-available Member State requires. In practice almost all Member States accept English as a working language for the DoC alongside the local-language user manual; some (notably France, Belgium, parts of Eastern Europe) may require local-language DoCs for consumer products. The DoC's languages are decoupled from the technical file's languages (Article 31(4) is about the notified-body interaction, not the public DoC) — so an English DoC paired with a Polish technical file is internally consistent if the Polish-speaking notified body accepts it.
關於語言義務的提示:第 28(2) 條要求 DoC 用投入 / 提供會員國所要求的語言提供。實務上幾乎所有會員國都接受英文作為 DoC 工作語言、搭配當地語言使用者手冊;部分國家(特別是法國、比利時、東歐部分)可能對消費產品要求當地語言 DoC。DoC 的語言跟技術檔案的語言是脫鉤的(第 31(4) 條規範的是指定機構互動,不是公開 DoC),所以英文 DoC 搭配波蘭文技術檔案在內部是一致的,前提是波蘭語指定機構接受。
Block 4 · Cross-regulation map 區塊 4 · 跨法規對照
DoC patterns across EU product regulations DoC 模式在歐盟產品法規中的比較
EU Declarations of Conformity follow a common pattern across regulations — name the product, name the manufacturer, list the applicable instruments, list the standards or certificates, sign. The CRA's Annex V matches this template closely. The differences are in retention, signatory rules, and accompanying-product mechanics. The table below maps the CRA DoC against the most common parallel regimes.
歐盟符合性聲明於各法規間遵循共通模式,載產品名、載製造商名、列適用法律工具、列所採標準或證書、簽字。CRA 附件五緊密對應此模板。差異在保存、簽署人規則、隨附產品機制。下表將 CRA DoC 與最常見的平行機制對照。
RED Directive 2014/53/EU
Radio equipment
無線電設備
Annex VI structure (full DoC) and Annex VII (simplified DoC). Six required content items. RED DoC retention is 10 years. RED simplified DoC predates CRA's. Where a product is both RED-scoped and CRA-scoped, Article 28(3) requires consolidated DoC referencing both. RED is repealed for cybersecurity/data-protection scope on 11 Dec 2027.
附件六(完整 DoC)與附件七(簡化 DoC)結構。六項要求內容。 RED DoC 保存 10 年。RED 簡化 DoC 早於 CRA。產品同時受 RED 與 CRA 規範時,第 28(3) 條要求合併 DoC 同時引用兩者。RED 對網路安全 / 資料保護範圍於 2027/12/11 廢止。
Machinery Regulation (EU) 2023/1230
Machinery
機械
Annex V structure. Eight required content items, broadly similar to CRA Annex V. Machinery DoC retention is 10 years from manufacture of last unit (not from placing on market). Includes "person authorised to compile the technical documentation" — separate from manufacturer or authorised representative; CRA does not have an equivalent role.
附件五結構。八項要求內容,與 CRA 附件五大致相似。 機械 DoC 保存自最後一台製造起 10 年(非自投入市場)。含「獲授權彙整技術文件的人」:與製造商或授權代表分離;CRA 無對應角色。
EMC Directive 2014/30/EU
Electromagnetic compatibility
電磁相容
Annex IV structure. Six required content items. Pure self-declaration regime — no notified body involvement at all. CRA Class II / Critical products require NB engagement, so the DoC under Article 28 will name an NB where EMC's DoC will not.
附件四結構。六項要求內容。 純自我宣告制度,完全無指定機構介入。CRA Class II / 關鍵產品需 NB 介入,故第 28 條下 DoC 將具名 NB,EMC DoC 則不會。
AI Act (EU) 2024/1689
High-risk AI systems
高風險 AI 系統
Article 47 + Annex V. Eight required content items, including statement that EU declaration covers AI Act and any other applicable EU acts. When CRA Article 12 applies, the AI Act DoC and CRA DoC are merged into one document under Article 28(3). Annex V item 1 of CRA must accommodate AI-system identifiers (model name, training-data version) in addition to product hardware identifiers.
第 47 條與附件五。八項要求內容,含 EU 聲明涵蓋 AI Act 及任何其他適用 EU 法規的聲明。 CRA 第 12 條適用時,AI Act DoC 與 CRA DoC 依第 28(3) 條合併為一份文件。CRA 附件五項次 1 須容納 AI 系統識別子(型號名稱、訓練資料版本)以及產品硬體識別子。
Low Voltage Directive 2014/35/EU
Electrical equipment within voltage limits
電壓範圍內的電氣設備
Annex IV structure. Six required content items. Self-declaration only. Same self-declaration model as EMC. CRA's introduction of NB-stamped DoCs for Class II / Critical products is the major novelty for ODMs whose CE marking experience is dominated by self-declaration directives.
附件四結構。六項要求內容。僅自我宣告。 與 EMC 相同自我宣告模型。CRA 為 Class II / 關鍵產品引入 NB 蓋章 DoC,是以自我宣告指令為主要 CE 標示經驗的 ODM 的主要新意。
Medical Devices Regulation (EU) 2017/745
Medical devices
醫療器材
Annex IV structure. Eight required content items, including UDI (Unique Device Identifier). Medical devices are out of CRA scope. The MDR DoC stays separate. Manufacturers in both spaces (a connected medical device + a non-medical accessory) issue two separate DoC families.
附件四結構。八項要求內容,含 UDI(獨特裝置識別子)。 醫療器材於 CRA 範圍外。MDR DoC 保持分離。同時於兩個領域的製造商(聯網醫療器材 + 非醫療配件)簽發兩套獨立 DoC 系列。