Source: OJ L 2024/2847, 20.11.2024Current language: EN
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 63 Confidentiality
Summary What does Article 63 of the CRA regulation say?
This article establishes a confidentiality framework that applies to all parties involved in implementing the regulation.
It sets out the expectation that information and data gathered in the course of carrying out tasks under the regulation must be kept confidential, with the aim of protecting trade secrets, ongoing enforcement activities, national security, and the integrity of legal proceedings.
The article also addresses how confidential information flows between market surveillance authorities and the Commission, and carves out space for information sharing with third countries under appropriate protections.
Important points:
- All parties involved in applying this regulation must respect the confidentiality of information obtained in carrying out their tasks, protecting trade secrets, national security interests, and the integrity of criminal or administrative proceedings.
- Confidential information exchanged between market surveillance authorities, or between those authorities and the Commission, cannot be disclosed without the prior agreement of the originating market surveillance authority.
- The Commission and Member States may share sensitive information with third-country authorities, but only where bilateral or multilateral confidentiality arrangements guaranteeing an adequate level of protection are in place.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
All parties involved in the application of this Regulation shall respect the confidentiality of information and data obtained in carrying out their tasks and activities in such a manner as to protect, in particular:
intellectual property rights and confidential business information or trade secrets of a natural or legal person, including source code, except the cases referred to in Article 5 of Directive (EU) 2016/943 of the European Parliament and of the Council(37);
the effective implementation of this Regulation, in particular for the purposes of inspections, investigations or audits;
public and national security interests;
integrity of criminal or administrative proceedings.
Without prejudice to paragraph 1, information exchanged on a confidential basis between the market surveillance authorities and between market surveillance authorities and the Commission shall not be disclosed without the prior agreement of the originating market surveillance authority.
Paragraphs 1 and 2 shall not affect the rights and obligations of the Commission, Member States and notified bodies with regard to the exchange of information and the dissemination of warnings, nor the obligations of the persons concerned to provide information under criminal law of the Member States.
The Commission and Member States may exchange, where necessary, sensitive information with relevant authorities of third countries with which they have concluded bilateral or multilateral confidentiality arrangements guaranteeing an adequate level of protection.
Relevant recitals
Recital 119 Respect for confidentiality
In order to ensure trusting and constructive cooperation of market surveillance authorities at Union and national level, all parties involved in the application of this Regulation should respect the confidentiality of information and data obtained in carrying out their tasks.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
cybersecurity
Definition
notified body
Definition
Union harmonisation legislation
Definition
conformity assessment
Definition
conformity assessment body
Definition
market surveillance authority
Footnote 37