Source: OJ L 2024/2847, 20.11.2024
Article 11 General product safety
Summary
What does Article 11 of the CRA regulation say?
This article establishes a bridging relationship between the Cyber Resilience Act and the EU's General Product Safety Regulation (Regulation (EU) 2023/988).
It operates as a targeted exception, activating specific chapters of the General Product Safety Regulation to fill gaps where this Regulation does not cover certain aspects or categories of risk for products with digital elements, provided those products are also not already covered by other Union harmonisation legislation.
Important points:
- Specific chapters of the General Product Safety Regulation apply to products with digital elements, but only for risks or aspects not already addressed by this Regulation.
- This acts as a safety net: the General Product Safety Regulation steps in only where neither the Cyber Resilience Act nor other Union harmonisation legislation provides specific safety requirements.
- The article explicitly carves out an exception to the General Product Safety Regulation's own scope rules to make this cross-regulatory coverage possible.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
By way of derogation from Article 2(1), third subparagraph, point (b), of Regulation (EU) 2023/988, Chapter III, Section 1, Chapters V and VII, and Chapters IX to XI of that Regulation shall apply to products with digital elements with respect to aspects and risks or categories of risks that are not covered by this Regulation where those products are not subject to specific safety requirements laid down in other ‘Union harmonisation legislation’ as defined in Article 3, point (27), of Regulation (EU) 2023/988.
Relevant recitals
Recital 50 The general product safety regulation (GPSR)
This Regulation addresses cybersecurity risks in a targeted manner. Products with digital elements might, however, pose other safety risks, that are not always related to cybersecurity but can be a consequence of a security breach. Those risks should continue to be regulated by relevant Union harmonisation legislation other than this Regulation. If no Union harmonisation legislation other than this Regulation is applicable, they should be subject to Regulation (EU) 2023/988 of the European Parliament and of the Council(21). Therefore, in light of the targeted nature of this Regulation, as a derogation from Article 2(1), third subparagraph, point (b), of Regulation (EU) 2023/988, Chapter III, Section 1, Chapters V and VII, and Chapters IX to XI of Regulation (EU) 2023/988 should apply to products with digital elements with respect to safety risks not covered by this Regulation, if those products are not subject to specific requirements laid down in Union harmonisation legislation other than this Regulation within the meaning of Article 3, point (27), of Regulation (EU) 2023/988.
Springlex and this text are meant purely as a documentation tool and have no legal effect. No liability is assumed for their content. The authentic version of this act is the one published in the Official Journal of the European Union.
Footnote 21