Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 36 Notifying authorities
Summary What does Article 36 of the CRA regulation say?
This article establishes the requirement for each Member State to designate a national "notifying authority" — the body responsible for overseeing conformity assessment bodies under the regulation.
It sets out how this function can be organised, including the option to delegate tasks to a national accreditation body or a non-governmental entity, while making clear that ultimate responsibility always remains with the designated notifying authority.
Important points:
- Each Member State is required to designate a notifying authority responsible for assessing, designating, notifying, and monitoring conformity assessment bodies.
- Member States may delegate this function to a national accreditation body or a non-governmental legal entity, provided that entity complies with the requirements set out in Article 37 and has liability arrangements in place.
- Regardless of any delegation, the notifying authority retains full responsibility for all tasks performed by any body it entrusts with these functions.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Each Member State shall designate a notifying authority that shall be responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and their monitoring, including compliance with Article 41.
Member States may decide that the assessment and monitoring referred to in paragraph 1 shall be carried out by a national accreditation body within the meaning of and in accordance with Regulation (EC) No 765/2008.
Where the notifying authority delegates or otherwise entrusts the assessment, notification or monitoring referred to in paragraph 1 of this Article to a body which is not a governmental entity, that body shall be a legal entity and shall comply mutatis mutandis with Article 37. In addition, it shall have arrangements in place to cover liabilities arising from its activities.
The notifying authority shall take full responsibility for the tasks performed by the body referred to in paragraph 3.
Relevant recitals
Recital 98 Notification of conformity assessment bodies
In order to carry out third-party conformity assessment for products with digital elements, conformity assessment bodies should be notified by the national notifying authorities to the Commission and the other Member States, provided they comply with a set of requirements, in particular on independence, competence and absence of conflicts of interest.
Recital 99 Requirements on notifying bodies and accreditation of conformity assessment bodies
In order to ensure a consistent level of quality in the performance of conformity assessment of products with digital elements, it is also necessary to lay down requirements for notifying authorities and other bodies involved in the assessment, notification and monitoring of notified bodies. The system set out in this Regulation should be complemented by the accreditation system provided for in Regulation (EC) No 765/2008. Since accreditation is an essential means of verifying the competence of conformity assessment bodies, it should also be used for the purposes of notification.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
component
Definition
cybersecurity
Definition
manufacturer
Definition
notified body
Definition
Union harmonisation legislation
Definition
product with digital elements
Definition
conformity assessment
Definition
remote data processing
Definition
conformity assessment body
Definition
notifying authority
Definition
electronic information system
Definition
hardware
Definition
software