Source: OJ L 2024/2847, 20.11.2024

Current language: EN

Article 58 Formal non-compliance


Summary What does Article 58 of the CRA regulation say?

This article deals with formal, procedural non-compliance by manufacturers — specifically situations where the paperwork and markings required to demonstrate conformity are absent, incorrect, or incomplete.

It is distinct from Articles 54 and 57, which address substantive cybersecurity risk and product non-compliance; Article 58 instead focuses narrowly on administrative deficiencies such as missing or improperly affixed CE markings, absent or incorrectly drawn-up EU declarations of conformity, missing notified body identification numbers, and incomplete technical documentation.

Where such issues are found, market surveillance authorities are empowered to demand remediation, and if the manufacturer fails to act, Member States can go further and restrict, prohibit, recall, or withdraw the product from the market entirely.

Important points:

  • Market surveillance authorities are required to order the relevant manufacturer to remedy any identified formal non-compliance relating to CE marking, declarations of conformity, notified body identification numbers, or technical documentation.
  • If the non-compliance persists, the Member State must take all appropriate measures, which can include restricting or prohibiting market availability, or requiring recall or withdrawal of the product.
  • This article targets procedural and documentary failures specifically, not the underlying cybersecurity risk of the product itself.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Where the market surveillance authority of a Member State makes one of the following findings, it shall require the relevant manufacturer to put an end to the non-compliance concerned:

      1. the CE marking has been affixed in violation of Articles 29 and 30;

      2. the CE marking has not been affixed;

      3. the EU declaration of conformity has not been drawn up;

      4. the EU declaration of conformity has not been drawn up correctly;

      5. the identification number of the notified body which is involved in the conformity assessment procedure, where applicable, has not been affixed;

      6. the technical documentation is either not available or not complete.

    1. Where the non-compliance referred to in paragraph 1 persists, the Member State concerned shall take all appropriate measures to restrict or prohibit the product with digital elements from being made available on the market or ensure that it is recalled or withdrawn from the market.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod