Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 81 Voluntary European cybersecurity certification framework

Regulation (EU) 2019/881 establishes a voluntary European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification framework for ICT products, ICT processes and ICT services. European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes provide a common framework of trust for users to use products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that fall within the scope of this Regulation. This Regulation should consequently create synergies with Regulation (EU) 2019/881. In order to facilitate the assessment of conformity with the requirements laid down in this Regulation, products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that are certified or for which a statement of conformity has been issued under a European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; scheme pursuant to Regulation (EU) 2019/881 that has been identified by the Commission in an implementing act, shall be presumed to be in compliance with the essential cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation in so far as the European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certificate or statement of conformity or parts thereof cover those requirements. The need for new European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes for products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; should be assessed in the light of this Regulation, including when preparing the Union rolling work programme in accordance with Regulation (EU) 2019/881. Where there is a need for a new scheme covering products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;, including in order to facilitate compliance with this Regulation, the Commission can request ENISA to prepare candidate schemes in accordance with Article 48 of Regulation (EU) 2019/881. Such future European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes covering products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; should take into account the essential cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements and conformity assessmentmeans the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; procedures as set out in this Regulation and facilitate compliance with this Regulation. For European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes that enter into force before the entry into force of this Regulation, further specifications may be needed on detailed aspects of how a presumption of conformity can apply. The Commission, by means of delegated acts, should be empowered to specify under which conditions the European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes can be used to demonstrate conformity with the essential cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation. Furthermore, to avoid undue administrative burdens, there should be no obligation for manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; to carry out a third-party conformity assessmentmeans the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; as provided for in this Regulation for corresponding requirements where a European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certificate has been issued under such European cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes at least at level ‘substantial’.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod