Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 37 Requirements relating to notifying authorities
Summary What does Article 37 of the CRA regulation say?
This article sets out the integrity and structural requirements that notifying authorities must meet.
It builds directly on Article 36, which establishes the role of the notifying authority, by specifying how that authority must be organised and operate in practice.
The overarching theme is independence: the authority must be free from conflicts of interest, operate objectively and impartially, and must not compete with the very conformity assessment bodies it oversees.
Important points:
- Notifying authorities are required to be structured so that no conflict of interest arises with conformity assessment bodies, including a separation between those who conduct assessments and those who make notification decisions.
- Notifying authorities are prohibited from offering or providing, on a commercial or competitive basis, any activities that conformity assessment bodies perform, nor any consultancy services.
- Notifying authorities must safeguard the confidentiality of information obtained and have sufficient competent personnel to carry out their tasks.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
A notifying authority shall be established in such a way that no conflict of interest with conformity assessment bodies occurs.
A notifying authority shall be organised and shall function so as to safeguard the objectivity and impartiality of its activities.
A notifying authority shall be organised in such a way that each decision relating to notification of a conformity assessment body is taken by competent persons different from those who carried out the assessment.
A notifying authority shall not offer or provide any activities that conformity assessment bodies perform or consultancy services on commercial or competitive basis.
A notifying authority shall safeguard the confidentiality of the information it obtains.
A notifying authority shall have a sufficient number of competent personnel at its disposal for the proper performance of its tasks.
Relevant recitals
Recital 98 Notification of conformity assessment bodies
In order to carry out third-party conformity assessment for products with digital elements, conformity assessment bodies should be notified by the national notifying authorities to the Commission and the other Member States, provided they comply with a set of requirements, in particular on independence, competence and absence of conflicts of interest.
Recital 99 Requirements on notifying bodies and accreditation of conformity assessment bodies
In order to ensure a consistent level of quality in the performance of conformity assessment of products with digital elements, it is also necessary to lay down requirements for notifying authorities and other bodies involved in the assessment, notification and monitoring of notified bodies. The system set out in this Regulation should be complemented by the accreditation system provided for in Regulation (EC) No 765/2008. Since accreditation is an essential means of verifying the competence of conformity assessment bodies, it should also be used for the purposes of notification.
Recital 119 Respect for confidentiality
In order to ensure trusting and constructive cooperation of market surveillance authorities at Union and national level, all parties involved in the application of this Regulation should respect the confidentiality of information and data obtained in carrying out their tasks.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
component
Definition
cybersecurity
Definition
manufacturer
Definition
notified body
Definition
Union harmonisation legislation
Definition
product with digital elements
Definition
conformity assessment
Definition
remote data processing
Definition
conformity assessment body
Definition
notifying authority
Definition
electronic information system
Definition
market surveillance authority
Definition
hardware
Definition
software