Source: OJ L 2024/2847, 20.11.2024
ENCRA regulation
Regulation (EU) 2024/2847 of the European Parliament and of the Council
of 23 October 2024
on horizontal cybersecurity requirements for products with digital elements
and amending Regulations (EU) No 168/2013 and (EU) No 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)
(Text with EEA relevance)
Table of contents
Preamble 1 – 130Recitals
- Chapter IGeneral provisions
- Article 1Subject matter
- Article 2Scope
- Article 3Definitions
- Article 4Free movement
- Article 5Procurement or use of products with digital elements
- Article 6Requirements for products with digital elements
- Article 7Important products with digital elements
- Article 8Critical products with digital elements
- Article 9Stakeholder consultation
- Article 10Enhancing skills in a cyber resilient digital environment
- Article 11General product safety
- Article 12High-risk AI systems
- Chapter IIObligations of economic operators and provisions in relation to free and open-source software
- Article 13Obligations of manufacturers
- Article 14Reporting obligations of manufacturers
- Article 15Voluntary reporting
- Article 16Establishment of a single reporting platform
- Article 17Other provisions related to reporting
- Article 18Authorised representatives
- Article 19Obligations of importers
- Article 20Obligations of distributors
- Article 21Cases in which obligations of manufacturers apply to importers and distributors
- Article 22Other cases in which obligations of manufacturers apply
- Article 23Identification of economic operators
- Article 24Obligations of open-source software stewards
- Article 25Security attestation of free and open-source software
- Article 26Guidance
- Chapter IIIConformity of the product with digital elements
- Article 27Presumption of conformity
- Article 28EU declaration of conformity
- Article 29General principles of the CE marking
- Article 30Rules and conditions for affixing the CE marking
- Article 31Technical documentation
- Article 32Conformity assessment procedures for products with digital elements
- Article 33Support measures for microenterprises and small and medium-sized enterprises, including start-ups
- Article 34Mutual recognition agreements
- Chapter IVNotification of conformity assessment bodies
- Article 35Notification
- Article 36Notifying authorities
- Article 37Requirements relating to notifying authorities
- Article 38Information obligation on notifying authorities
- Article 39Requirements relating to notified bodies
- Article 40Presumption of conformity of notified bodies
- Article 41Subsidiaries of and subcontracting by notified bodies
- Article 42Application for notification
- Article 43Notification procedure
- Article 44Identification numbers and lists of notified bodies
- Article 45Changes to notifications
- Article 46Challenge of the competence of notified bodies
- Article 47Operational obligations of notified bodies
- Article 48Appeal against decisions of notified bodies
- Article 49Information obligation on notified bodies
- Article 50Exchange of experience
- Article 51Coordination of notified bodies
- Chapter VMarket surveillance and enforcement
- Article 52Market surveillance and control of products with digital elements in the Union market
- Article 53Access to data and documentation
- Article 54Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk
- Article 55Union safeguard procedure
- Article 56Procedure at Union level concerning products with digital elements presenting a significant cybersecurity risk
- Article 57Compliant products with digital elements which present a significant cybersecurity risk
- Article 58Formal non-compliance
- Article 59Joint activities of market surveillance authorities
- Article 60Sweeps
- Chapter VIDelegated powers and committee procedure
- Chapter VIIConfidentiality and penalties
- Chapter VIIITransitional and final provisions