Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 46 Critical products

The categories of critical products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in this Regulation have a cybersecurity-related functionality and perform a function which carries a significant risk of adverse effects in terms of its intensity and ability to disrupt, control or cause damage to a large number of other products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; through direct manipulation. Furthermore, those categories of products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are considered to be critical dependencies for essential entities as referred to in Article 3(1) of Directive (EU) 2022/2555. The categories of critical products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in an annex to this Regulation, due to their criticality, already widely use various forms of certification, and are also covered by the European Common Criteria-based cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme (EUCC) set out in Commission Implementing Regulation (EU) 2024/482(20)Commission Implementing Regulation (EU) 2024/482 of 31 January 2024 laying down rules for the application of Regulation (EU) 2019/881 of the European Parliament and of the Council as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC) (OJ L, 2024/482, 7.2.2024, ELI: http://data.europa.eu/eli/reg_impl/2024/482/oj).. Therefore, in order to ensure a common adequate cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; protection of critical products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in the Union, it could be adequate and proportionate to subject such categories of product, by means of a delegated act, to mandatory European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification where a relevant European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme covering those products is already in place and an assessment of the potential market impact of the envisaged mandatory certification has been carried out by the Commission. That assessment should consider both the supply and demand side, including whether there is sufficient demand for the products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; concerned from both Member States and users for European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification to be required, as well as the purposes for which the products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are intended to be used, including the critical dependency on them by essential entities as referred to in Article 3(1) of Directive (EU) 2022/2555. The assessment should also analyse the potential effects of the mandatory certification on the availability of those products on the internal market and the capabilities and the readiness of the Member States for the implementation of the relevant European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod