Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 30 Rules and conditions for affixing the CE marking
Summary What does Article 30 of the CRA regulation say?
This article sets out the practical rules for how manufacturers must affix the CE marking to products with digital elements, building directly on the conformity obligations established in Article 13 and the EU declaration of conformity covered in Article 28.
It covers where and how the marking must appear, with specific accommodations for software products and for products where physical marking is not feasible.
The article also addresses the involvement of notified bodies, the role of Member States in policing misuse of the marking, and a Commission power to introduce additional labels or pictograms related to product security.
Important points:
- Affix the CE marking visibly, legibly, and indelibly to the product before placing it on the market — or, for software, on the EU declaration of conformity or an easily accessible section of the accompanying website.
- Where a notified body is involved in the full quality assurance conformity assessment procedure, the CE marking must be followed by that body's identification number.
- Member States are required to use existing mechanisms to ensure correct application of the CE marking regime and to take action in cases of improper use.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The CE marking shall be affixed visibly, legibly and indelibly to the product with digital elements. Where that is not possible or not warranted on account of the nature of the product with digital elements, it shall be affixed to the packaging and to the EU declaration of conformity referred to in Article 28 accompanying the product with digital elements. For products with digital elements which are in the form of software, the CE marking shall be affixed either to the EU declaration of conformity referred to in Article 28 or on the website accompanying the software product. In the latter case, the relevant section of the website shall be easily and directly accessible to consumers.
On account of the nature of the product with digital elements, the height of the CE marking affixed to the product with digital elements may be lower than 5 mm, provided that it remains visible and legible.
The CE marking shall be affixed before the product with digital elements is placed on the market. It may be followed by a pictogram or any other mark indicating a special cybersecurity risk or use set out in the implementing acts referred to in paragraph 6.
The CE marking shall be followed by the identification number of the notified body, where that body is involved in the conformity assessment procedure based on full quality assurance (based on module H) referred to in Article 32.
The identification number of the notified body shall be affixed by the body itself or, under its instructions, by the manufacturer or the manufacturer’s authorised representative.
Member States shall build upon existing mechanisms to ensure correct application of the regime governing the CE marking and shall take appropriate action in the event of improper use of that marking. Where the product with digital elements is subject to Union harmonisation legislation, other than this Regulation, which also provides for the affixing of the CE marking, the CE marking shall indicate that the product also fulfils the requirements set out in such other Union harmonisation legislation.
The Commission may, by means of implementing acts, lay down technical specifications for labels, pictograms or any other marks related to the security of the products with digital elements, their support periods and mechanisms to promote their use and to increase public awareness about the security of products with digital elements. When preparing the draft implementing acts, the Commission shall consult relevant stakeholders, and, if it has already been established pursuant to Article 52(15), ADCO. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 62(2).
Relevant recitals
Recital 36 CE marking
Products with digital elements should bear the CE marking to visibly, legibly and indelibly indicate their conformity with this Regulation so that they can move freely within the internal market. Member States should not create unjustified obstacles to the placing on the market of products with digital elements that comply with the requirements laid down in this Regulation and bear the CE marking. Furthermore, at trade fairs, exhibitions and demonstrations or similar events, Member States should not prevent the presentation or use of a product with digital elements which does not comply with this Regulation, including its prototypes, provided that the product is presented with a visible sign clearly indicating that the product does not comply with this Regulation and that it is not to be made available on the market until it does so.
Recital 89 Principles and rules regarding CE marking
The CE marking, indicating the conformity of a product, is the visible consequence of a whole process comprising conformity assessment in a broad sense. The general principles governing the CE marking are set out in Regulation (EC) No 765/2008 of the European Parliament and of the Council(29). Rules governing the affixing of the CE marking on products with digital elements should be laid down in this Regulation. The CE marking should be the only marking which guarantees that products with digital elements comply with the requirements set out in this Regulation.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
incident
Definition
vulnerability
Definition
component
Definition
cyber threat
Definition
cybersecurity
Definition
manufacturer
Definition
authorised representative
Definition
notified body
Definition
Union harmonisation legislation
Definition
support period
Definition
product with digital elements
Definition
conformity assessment
Definition
consumer
Definition
CE marking
Definition
placing on the market
Definition
remote data processing
Definition
conformity assessment body
Definition
cybersecurity risk
Definition
electronic information system
Definition
hardware
Definition
software
Footnote 29