Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 41 Subsidiaries of and subcontracting by notified bodies
Summary What does Article 41 of the CRA regulation say?
This article governs the rules that apply when notified bodies — the organisations responsible for carrying out conformity assessments — choose to subcontract tasks or use subsidiaries.
It builds directly on Article 39, which sets out the core requirements that notified bodies themselves must meet, and extends those same standards down to any third party they engage.
The article makes clear that outsourcing conformity assessment work does not dilute the notified body's accountability; it remains fully responsible regardless of who actually performs the tasks.
Important points:
- Notified bodies retain full responsibility for all tasks performed by subcontractors or subsidiaries, regardless of where those entities are established.
- Subcontracting or use of a subsidiary requires the agreement of the manufacturer whose product is being assessed.
- Notified bodies are required to keep documentation on subcontractor and subsidiary qualifications and work available to the notifying authority upon request.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Where a notified body subcontracts specific tasks connected with conformity assessment or has recourse to a subsidiary, it shall ensure that the subcontractor or the subsidiary meets the requirements set out in Article 39 and shall inform the notifying authority accordingly.
Notified bodies shall take full responsibility for the tasks performed by subcontractors or subsidiaries wherever they are established.
Activities may be subcontracted or carried out by a subsidiary only with the agreement of the manufacturer.
Notified bodies shall keep at the disposal of the notifying authority the relevant documents concerning the assessment of the qualifications of the subcontractor or the subsidiary and the work carried out by them under this Regulation.
Relevant recitals
Recital 102 Conformity assessment subcontractors and subsidiaries
Conformity assessment bodies frequently subcontract parts of their activities linked to the assessment of conformity or have recourse to a subsidiary. In order to safeguard the level of protection required for a product with digital elements to be placed on the market, it is essential that conformity assessment subcontractors and subsidiaries fulfil the same requirements as notified bodies in relation to the performance of conformity assessment tasks.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
component
Definition
cybersecurity
Definition
manufacturer
Definition
notified body
Definition
Union harmonisation legislation
Definition
product with digital elements
Definition
conformity assessment
Definition
remote data processing
Definition
conformity assessment body
Definition
notifying authority
Definition
electronic information system
Definition
hardware
Definition
software