Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 Oct... (32024R2847)
Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (Text with EEA relevance)
- REGULATION (EU) 2024/2847 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
- of 23 October 2024
- on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)
- (Text with EEA relevance)
- CHAPTER I
- GENERAL PROVISIONS
- Article 1
- Subject matter
- Article 2
- Scope
- Article 3
- Definitions
- Article 4
- Free movement
- Article 5
- Procurement or use of products with digital elements
- Article 6
- Requirements for products with digital elements
- Article 7
- Important products with digital elements
- Article 8
- Critical products with digital elements
- Article 9
- Stakeholder consultation
- Article 10
- Enhancing skills in a cyber resilient digital environment
- Article 11
- General product safety
- Article 12
- High-risk AI systems
- CHAPTER II
- OBLIGATIONS OF ECONOMIC OPERATORS AND PROVISIONS IN RELATION TO FREE AND OPEN-SOURCE SOFTWARE
- Article 13
- Obligations of manufacturers
- Article 14
- Reporting obligations of manufacturers
- Article 15
- Voluntary reporting
- Article 16
- Establishment of a single reporting platform
- Article 17
- Other provisions related to reporting
- Article 18
- Authorised representatives
- Article 19
- Obligations of importers
- Article 20
- Obligations of distributors
- Article 21
- Cases in which obligations of manufacturers apply to importers and distributors
- Article 22
- Other cases in which obligations of manufacturers apply
- Article 23
- Identification of economic operators
- Article 24
- Obligations of open-source software stewards
- Article 25
- Security attestation of free and open-source software
- Article 26
- Guidance
- CHAPTER III
- CONFORMITY OF THE PRODUCT WITH DIGITAL ELEMENTS
- Article 27
- Presumption of conformity
- Article 28
- EU declaration of conformity
- Article 29
- General principles of the CE marking
- Article 30
- Rules and conditions for affixing the CE marking
- Article 31
- Technical documentation
- Article 32
- Conformity assessment procedures for products with digital elements
- Article 33
- Support measures for microenterprises and small and medium-sized enterprises, including start-ups
- Article 34
- Mutual recognition agreements
- CHAPTER IV
- NOTIFICATION OF CONFORMITY ASSESSMENT BODIES
- Article 35
- Notification
- Article 36
- Notifying authorities
- Article 37
- Requirements relating to notifying authorities
- Article 38
- Information obligation on notifying authorities
- Article 39
- Requirements relating to notified bodies
- Article 40
- Presumption of conformity of notified bodies
- Article 41
- Subsidiaries of and subcontracting by notified bodies
- Article 42
- Application for notification
- Article 43
- Notification procedure
- Article 44
- Identification numbers and lists of notified bodies
- Article 45
- Changes to notifications
- Article 46
- Challenge of the competence of notified bodies
- Article 47
- Operational obligations of notified bodies
- Article 48
- Appeal against decisions of notified bodies
- Article 49
- Information obligation on notified bodies
- Article 50
- Exchange of experience
- Article 51
- Coordination of notified bodies
- CHAPTER V
- MARKET SURVEILLANCE AND ENFORCEMENT
- Article 52
- Market surveillance and control of products with digital elements in the Union market
- Article 53
- Access to data and documentation
- Article 54
- Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk
- Article 55
- Union safeguard procedure
- Article 56
- Procedure at Union level concerning products with digital elements presenting a significant cybersecurity risk
- Article 57
- Compliant products with digital elements which present a significant cybersecurity risk
- Article 58
- Formal non-compliance
- Article 59
- Joint activities of market surveillance authorities
- Article 60
- Sweeps
- CHAPTER VI
- DELEGATED POWERS AND COMMITTEE PROCEDURE
- Article 61
- Exercise of the delegation
- Article 62
- Committee procedure
- CHAPTER VII
- CONFIDENTIALITY AND PENALTIES
- Article 63
- Confidentiality
- Article 64
- Penalties
- Article 65
- Representative actions
- CHAPTER VIII
- TRANSITIONAL AND FINAL PROVISIONS
- Article 66
- Amendment to Regulation (EU) 2019/1020
- Article 67
- Amendment to Directive (EU) 2020/1828
- Article 68
- Amendment to Regulation (EU) No 168/2013
- Article 69
- Transitional provisions
- Article 70
- Evaluation and review
- Article 71
- Entry into force and application
- ANNEX I
- ESSENTIAL CYBERSECURITY REQUIREMENTS
- Part I Cybersecurity requirements relating to the properties of products with digital elements
- Part II Vulnerability handling requirements
- ANNEX II
- INFORMATION AND INSTRUCTIONS TO THE USER
- ANNEX III
- IMPORTANT PRODUCTS WITH DIGITAL ELEMENTS
- Class I
- Class II
- ANNEX IV
- CRITICAL PRODUCTS WITH DIGITAL ELEMENTS
- ANNEX V
- EU DECLARATION OF CONFORMITY
- ANNEX VI
- SIMPLIFIED EU DECLARATION OF CONFORMITY
- ANNEX VII
- CONTENT OF THE TECHNICAL DOCUMENTATION
- ANNEX VIII
- CONFORMITY ASSESSMENT PROCEDURES
- Part I Conformity assessment procedure based on internal control (based on module A)
- Part II EU-type examination (based on module B)
- Part III Conformity to type based on internal production control (based on module C)
- Part IV Conformity based on full quality assurance (based on module H)
Feedback