Source: OJ L 2024/2847, 20.11.2024

Current language: EN

Article 46 Challenge of the competence of notified bodies


Summary What does Article 46 of the CRA regulation say?

This article establishes the Commission's investigative oversight role over notified bodies — the conformity assessment bodies designated under Article 43 to verify that products with digital elements meet the regulation's cybersecurity requirements.

It sets out what happens when questions arise about whether a notified body is still fit for purpose, giving the Commission the authority to investigate and, where necessary, compel corrective action by the relevant Member State.

Important points:

  • The Commission is required to investigate any case where doubt arises about a notified body's competence or continued fulfilment of its obligations.
  • Notifying Member States are required to provide the Commission with all relevant information on request during such an investigation.
  • Where the Commission finds a notified body no longer meets the requirements, it must inform the notifying Member State and request corrective measures, up to and including de-notification.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The Commission shall investigate all cases where it doubts, or where doubt is brought to its attention regarding, the competence of a notified body to meet, or the continued fulfilment by a notified body of, the requirements and responsibilities to which it is subject.

    1. The notifying Member State shall provide the Commission, on request, with all information relating to the basis for the notification or the maintenance of the competence of the body concerned.

    1. The Commission shall ensure that all sensitive information obtained in the course of its investigations is treated confidentially.

    1. Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall inform the notifying Member State accordingly and request it to take the necessary corrective measures, including de-notification if necessary.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod