Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 18 Authorised representatives
Summary What does Article 18 of the CRA regulation say?
This article deals with the appointment of authorised representatives by manufacturers — essentially allowing a manufacturer to designate a Union-established person or entity to act on its behalf for specific compliance-related tasks.
It connects directly to Article 13, which sets out the core obligations of manufacturers, and importantly clarifies that the most substantive of those manufacturer obligations cannot be delegated to an authorised representative.
The article then sets out the minimum scope of what the mandate must cover, focusing on documentation retention and cooperation with market surveillance authorities.
Important points:
- Manufacturers may appoint an authorised representative via a written mandate, but the core manufacturer obligations under Article 13 cannot be transferred through that mandate.
- The authorised representative must retain the EU declaration of conformity and technical documentation and make these available to market surveillance authorities for at least 10 years after the product is placed on the market, or for the support period, whichever is longer.
- The authorised representative is required to provide information to and cooperate with market surveillance authorities upon request, including on actions to eliminate risks posed by the product.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
A manufacturer may, by a written mandate, appoint an authorised representative.
The obligations laid down in Article 13(1) to (11), Article 13(12), first subparagraph, and Article 13(14) shall not form part of the authorised representative’s mandate.
An authorised representative shall perform the tasks specified in the mandate received from the manufacturer. The authorised representative shall provide a copy of the mandate to the market surveillance authorities upon request. The mandate shall allow the authorised representative to do at least the following:
keep the EU declaration of conformity referred to in Article 28 and the technical documentation referred to in Article 31 at the disposal of the market surveillance authorities for at least 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer;
further to a reasoned request from a market surveillance authority, provide that authority with all the information and documentation necessary to demonstrate the conformity of the product with digital elements;
cooperate with the market surveillance authorities, at their request, on any action taken to eliminate the risks posed by a product with digital elements covered by the authorised representative’s mandate.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
vulnerability
Definition
component
Definition
cyber threat
Definition
cybersecurity
Definition
manufacturer
Definition
authorised representative
Definition
support period
Definition
product with digital elements
Definition
remote data processing
Definition
electronic information system
Definition
market surveillance authority
Definition
hardware
Definition
software