Source: OJ L 2024/2847, 20.11.2024
Recital 40 Support period and security updates
Taking into account the iterative nature of software development, manufacturers that have placed subsequent versions of a software product on the market as a result of a subsequent substantial modification of that product should be able to provide security updates for the support period only for the version of the software product that they have last placed on the market. They should be able to do so only if the users of the relevant previous product versions have access to the product version last placed on the market free of charge and do not incur additional costs to adjust the hardware or software environment in which they operate the product.
This could, for instance, be the case where a desktop operating system upgrade does not require new hardware, such as a faster central processing unit or more memory. Nonetheless, the manufacturer should continue to comply, for the support period, with other vulnerability-handling requirements, such as having a policy on coordinated vulnerability disclosure or measures in place to facilitate the sharing of information about potential vulnerabilities for all subsequent substantially modified versions of the software product placed on the market.
Manufacturers should be able to provide minor security or functionality updates that do not constitute a substantial modification only for the latest version or sub-version of a software product that has not been substantially modified. At the same time, where a hardware product, such as a smartphone, is not compatible with the latest version of the operating system it was originally delivered with, the manufacturer should continue to provide security updates at least for the latest compatible version of the operating system for the support period.