Source: OJ L 2024/2847, 20.11.2024

Article 69 Transitional provisions


Summary: What does Article 69 of the CRA regulation say?

This is a transitional provisions article that manages the shift from existing certification frameworks to the new requirements introduced by this Regulation.

It sets out how previously issued certificates and pre-existing products on the market are treated during the changeover period, ensuring that the move to the new regime does not create an immediate compliance cliff-edge for manufacturers.

Important points:

  • EU type-examination certificates and approval decisions issued under other Union harmonisation legislation regarding cybersecurity remain valid until 11 June 2028, unless they expire sooner or the relevant legislation specifies otherwise.
  • Products with digital elements already on the market before 11 December 2027 are only subject to this Regulation's requirements if they undergo a substantial modification from that date onward.
  • The exception to the above is Article 14 (the vulnerability and incident reporting obligations), which applies to all in-scope products already on the market before 11 December 2027, regardless of whether a substantial modification has taken place.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. EU type-examination certificates and approval decisions issued regarding cybersecurity requirements for products with digital elements that are subject to Union harmonisation legislation other than this Regulation shall remain valid until 11 June 2028, unless they expire before that date, or unless otherwise specified in such other Union harmonisation legislation, in which case they shall remain valid as referred to in that legislation.

    2. Products with digital elements that have been placed on the market before 11 December 2027 shall be subject to the requirements set out in this Regulation only if, from that date, those products are subject to a substantial modification.

    3. By way of derogation from paragraph 2 of this Article, the obligations laid down in Article 14 shall apply to all products with digital elements that fall within the scope of this Regulation that have been placed on the market before 11 December 2027.
