Source: OJ L 2024/2847, 20.11.2024
Recital 55 Justification of non-applicability of requirements
Where certain essential cybersecurity requirements are not applicable to a product with digital elements, the manufacturer should include a clear justification in the cybersecurity risk assessment included in the technical documentation. This could be the case where an essential cybersecurity requirement is incompatible with the nature of a product with digital elements.
For example, the intended purpose of a product with digital elements may require the manufacturer to follow widely recognised interoperability standards even if its security features are no longer considered to be state of the art. Similarly, other Union law requires manufacturers to apply specific interoperability requirements.
Where an essential cybersecurity requirement is not applicable to a product with digital elements, but the manufacturer has identified cybersecurity risks in relation to that essential cybersecurity requirement, it should take measures to address those risks by other means, for instance by limiting the intended purpose of the product to trusted environments or by informing the users about those risks.