Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 43 Notification procedure
Summary What does Article 43 of the CRA regulation say?
This article sets out the formal notification procedure that notifying authorities must follow when designating conformity assessment bodies under the Cyber Resilience Act.
It directly follows from Article 42, which governs the application process, and builds upon Article 39, which establishes the eligibility requirements a body must satisfy before it can be notified.
The article covers the mechanics of how a notification is submitted, what information it must contain, and the conditions under which a body officially acquires the status of a notified body.
Important points:
- Notifying authorities are required to notify only those conformity assessment bodies that have satisfied the requirements of Article 39, and must do so via the Commission's New Approach Notified and Designated Organisations information system.
- Where no accreditation certificate is used, the notifying authority must provide documentary evidence of the body's competence and the arrangements for its ongoing monitoring.
- A body may only begin operating as a notified body after a standstill period of two weeks (where accreditation is used) or two months (where it is not), during which the Commission or other Member States may raise objections.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Notifying authorities shall notify only conformity assessment bodies which have satisfied the requirements laid down in Article 39.
The notifying authority shall notify the Commission and the other Member States using the New Approach Notified and Designated Organisations information system developed and managed by the Commission.
The notification shall include full details of the conformity assessment activities, the conformity assessment module or modules and product or products with digital elements concerned and the relevant attestation of competence.
Where a notification is not based on an accreditation certificate as referred to in Article 42(2), the notifying authority shall provide the Commission and the other Member States with documentary evidence which attests to the conformity assessment body’s competence and the arrangements in place to ensure that that body will be monitored regularly and will continue to satisfy the requirements laid down in Article 39.
The body concerned may perform the activities of a notified body only where no objections are raised by the Commission or the other Member States within two weeks of a notification where an accreditation certificate is used or within two months of a notification where accreditation is not used.
Only such a body shall be considered to be a notified body for the purposes of this Regulation.
The Commission and the other Member States shall be notified of any subsequent relevant changes to the notification.
Relevant recitals
Recital 101 Alternatives to transparent accreditation
Transparent accreditation as provided for in Regulation (EC) No 765/2008, ensuring the necessary level of confidence in certificates of conformity, should be considered by the national public authorities throughout the Union to be the preferred means of demonstrating the technical competence of conformity assessment bodies. However, national authorities may consider that they possess the appropriate means of carrying out that evaluation themselves. In such cases, in order to ensure the appropriate level of credibility of evaluations carried out by other national authorities, they should provide the Commission and the other Member States with the necessary documentary evidence demonstrating the compliance of the conformity assessment bodies evaluated with the relevant regulatory requirements.
Recital 103 Notification via the NANDO information system
The notification of a conformity assessment body should be sent by the notifying authority to the Commission and the other Member States via the New Approach Notified and Designated Organisations (NANDO) information system. The NANDO information system is the electronic notification tool developed and managed by the Commission where a list of all notified bodies can be found.
Recital 104 Objection period
Since notified bodies may offer their services throughout the Union, it is appropriate to give the other Member States and the Commission the opportunity to raise objections concerning a notified body. It is therefore important to provide for a period during which any doubts or concerns as to the competence of conformity assessment bodies can be clarified before they start operating as notified bodies.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
component
Definition
cybersecurity
Definition
manufacturer
Definition
notified body
Definition
Union harmonisation legislation
Definition
product with digital elements
Definition
conformity assessment
Definition
remote data processing
Definition
conformity assessment body
Definition
notifying authority
Definition
electronic information system
Definition
hardware
Definition
software