CRA Shield guides iOS and Android developers through classification, assessment, SBOM generation, and compliance documentation.
Why this matters
If your iOS or Android app connects to a network, processes data, or uses third-party libraries — the CRA applies to you.
Without a Software Bill of Materials, vulnerability handling, and conformity documentation — you're non-compliant by default.
Market surveillance authorities can fine developers €15M or 2.5% of global turnover — whichever is higher. Per violation.
Apps pulled from the EU market. User trust shattered. Partners walk away. Recovery takes years — if it happens at all.
The CRA enforcement deadline is 11 December 2027. Don't wait.
Get compliant for €99 →Answer three sets of questions. The wizard checks your app against Annex III and Annex IV triggers and tells you whether you're Default, Class I, or Class II. The trigger definitions update automatically when delegated acts change.
Does your app fall into any of these categories?
Upload your lock files — package.json, Podfile.lock, Package.resolved, build.gradle. CRA Shield parses every component, queries OSV.dev for known vulnerabilities, and generates a CycloneDX 1.5 SBOM.
Four pre-built templates cover all required CRA documentation. Each template is pre-filled from your classification and assessment data. Fill in the remaining fields, generate a PDF, and export your full compliance package as a ZIP.
No subscriptions. No per-seat fees. Pay once, own it forever.
One-time payment. Up to 2 apps.
Get DeveloperOne-time payment. Up to 10 apps.
Get ProfessionalContinuous monitoring. Cancel anytime.
If your app is a commercial product with digital elements placed on the EU market, it likely falls under the CRA. Our three-step classification wizard determines this by checking scope criteria and Annex III/IV triggers specific to your app.
Developer (€99) and Professional (€197) are one-time payments with lifetime access. The Vulnerability Monitoring add-on (€7/month) is the only recurring charge, and it's entirely optional.
npm (package.json, package-lock.json, yarn.lock), CocoaPods (Podfile.lock), Swift Package Manager (Package.resolved), and Gradle (build.gradle). Output is CycloneDX 1.5 JSON format.
No. CRA Shield is a compliance toolkit that helps you organise your CRA effort. All generated documents carry disclaimers. Consult with legal counsel for your specific situation.
One-time payment. No subscriptions. Full compliance toolkit.
Get Started — from €99