Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 46 Challenge of the competence of notified bodies
Summary What does Article 46 of the CRA regulation say?
This article establishes the Commission's investigative oversight role over notified bodies — the conformity assessment bodies designated under Article 43 to verify that products with digital elements meet the regulation's cybersecurity requirements.
It sets out what happens when questions arise about whether a notified body is still fit for purpose, giving the Commission the authority to investigate and, where necessary, compel corrective action by the relevant Member State.
Important points:
- The Commission is required to investigate any case where doubt arises about a notified body's competence or continued fulfilment of its obligations.
- Notifying Member States are required to provide the Commission with all relevant information on request during such an investigation.
- Where the Commission finds a notified body no longer meets the requirements, it must inform the notifying Member State and request corrective measures, up to and including de-notification.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The Commission shall investigate all cases where it doubts, or where doubt is brought to its attention regarding, the competence of a notified body to meet, or the continued fulfilment by a notified body of, the requirements and responsibilities to which it is subject.
The notifying Member State shall provide the Commission, on request, with all information relating to the basis for the notification or the maintenance of the competence of the body concerned.
The Commission shall ensure that all sensitive information obtained in the course of its investigations is treated confidentially.
Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall inform the notifying Member State accordingly and request it to take the necessary corrective measures, including de-notification if necessary.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
cybersecurity
Definition
notified body
Definition
Union harmonisation legislation
Definition
conformity assessment
Definition
conformity assessment body