Annex II CRITICAL PRODUCTS WITH DIGITAL ELEMENTS

Hardwaremeans a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that securely store, process, or manage sensitive data or perform cryptographic operations, and that consist of multiple discrete componentsmeans software or hardware intended for integration into an electronic information system;, incorporating a hardwaremeans a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; physical envelope providing tamper evidence, resistance or response as countermeasures against physical attacks.

This category includes but is not limited to physical payment terminals, hardwaremeans a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; security modules that generate and manage cryptographic elements, and tachographs that meet the above description.

Smart meter gateways are products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that control communication between componentsmeans software or hardware intended for integration into an electronic information system; in or connected to smart metering systems as defined in Article 2(23) of Directive (EU) 2019/944, and authorised third parties, such as utility providers. Smart meter gateways collect, process and store meter or personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;, protect data and information flows by supporting specific cryptographic needs, such as encryption and decryption of data, incorporate firewalling functionalities and provide the means to control other devices.

This category includes but is not limited to smart meter gateways related to smart metering systems measuring electricity as defined in Article 2(23) of Directive (EU) 2019/944. It may also include smart meter gateways used in other smart metering systems measuring consumption of other sources of energy such as gas or heat, provided that the gateway meets this description.

Secure elements are microcontrollers or microprocessors with security-related functionalities, including tamper evidence, resistance or response. They typically store, process, or manage cryptographic operations or sensitive data, such as identity credentials or payment credentials. Secure elements are designed to provide protection of at least AVA_VAN.4, as set out in the Common Criteria or the Common Evaluation Methodology. They can be discrete silicon or can be integrated into systems on chip (SoC). Secure elements can incorporate an application environment or an operating system, and can include one or more applications.

This category includes but is not limited to Trusted Platform Modules (TPMs) and embedded Universal Integrated Circuit Card (UICC).

Smartcards or similar devices are secure elements integrated into a carrier material, such as plastic or wood, in the shape of a card, or secure elements integrated into carrier materials taking other shapes.

This category includes but is not limited to identity and travel documents, qualified signature cards, replaceable UICCs, physical payment cards, physical access cards, digital tachograph cards or wrist bands with integrated payment secure elements.