Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 59 Joint activities of market surveillance authorities
Summary What does Article 59 of the CRA regulation say?
This article establishes a framework for coordinated, cross-authority joint activities in the enforcement of the regulation.
It allows market surveillance authorities to team up with other relevant authorities to check compliance and address cybersecurity risks in products with digital elements, particularly those known to present recurring risks.
The Commission and ENISA also play an active role by proposing such joint activities where there are signs of non-compliance across multiple Member States.
The article sits within the broader market surveillance and enforcement chapter and complements the investigative powers set out in surrounding articles.
Important points:
- Market surveillance authorities are permitted to agree with other authorities on joint compliance activities, particularly targeting products that frequently present cybersecurity risks.
- The Commission and ENISA are required to propose joint activities where indications of non-compliance exist across several Member States.
- Market surveillance authorities and the Commission must ensure joint activities do not lead to unfair competition among economic operators and must make the agreement, including the names of parties involved, publicly available.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Market surveillance authorities may agree with other relevant authorities to carry out joint activities aimed at ensuring cybersecurity and the protection of consumers with respect to specific products with digital elements placed on the market or made available on the market, in particular products with digital elements that are often found to present cybersecurity risks.
The Commission or ENISA shall propose joint activities for checking compliance with this Regulation to be conducted by market surveillance authorities based on indications or information of potential non-compliance across several Member States of products with digital elements that fall within the scope of this Regulation with the requirements laid down in this Regulation.
The market surveillance authorities and, where applicable, the Commission, shall ensure that the agreement to carry out joint activities does not lead to unfair competition between economic operators and does not negatively affect the objectivity, independence and impartiality of the parties to the agreement.
A market surveillance authority may use any information obtained as a result of the joint activities carried out as part of any investigation that it undertakes.
The market surveillance authority concerned and, where applicable, the Commission, shall make the agreement on joint activities, including the names of the parties involved, available to the public.
Relevant recitals
Recital 109 Cooperation of market surveillance authorities
Market surveillance authorities, through ADCO established under this Regulation, should cooperate closely and should be able to develop guidance documents to facilitate market surveillance activities at national level, such as by developing best practices and indicators to effectively check the compliance of products with digital elements with this Regulation.
Recital 113 Joint activities of market surveillance authorities
Where there are indications of non-compliance with this Regulation in several Member States, market surveillance authorities should be able to carry out joint activities with other authorities, with a view to verifying compliance and identifying cybersecurity risks of products with digital elements.
Recital 115 Role of ENISA
In light of its expertise and mandate, ENISA should be able to support the process for implementation of this Regulation. In particular, ENISA should be able to propose joint activities to be conducted by market surveillance authorities based on indications or information regarding potential non-compliance with this Regulation of products with digital elements across several Member States or identify categories of products for which sweeps should be organised. In exceptional circumstances, ENISA should be able, at the request of the Commission, to conduct evaluations in respect of specific products with digital elements that present a significant cybersecurity risk, where an immediate intervention is required to preserve the proper functioning of the internal market.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
incident
Definition
importer
Definition
economic operator
Definition
component
Definition
cybersecurity
Definition
manufacturer
Definition
distributor
Definition
authorised representative
Definition
product with digital elements
Definition
consumer
Definition
significant cybersecurity risk
Definition
remote data processing
Definition
cybersecurity risk
Definition
electronic information system
Definition
market surveillance authority
Definition
hardware
Definition
software