Source: OJ L 2024/2847, 20.11.2024
EN- Cyber resilience for products with digital elements
Annex VIII Conformity assessment procedures
Part I Conformity assessment procedure based on internal control (based on module A)
Internal control is the conformity assessment procedure whereby the manufacturer fulfils the obligations set out in points 2, 3 and 4 of this Part, and ensures and declares on its sole responsibility that the products with digital elements satisfy all the essential cybersecurity requirements set out in Part I of Annex I and the manufacturer meets the essential cybersecurity requirements set out in Part II of Annex I.
The manufacturer shall draw up the technical documentation described in Annex VII.
Design, development, production and vulnerability handling of products with digital elements
The manufacturer shall take all measures necessary so that the design, development, production and vulnerability handling processes and their monitoring ensure compliance of the manufactured or developed products with digital elements and of the processes put in place by the manufacturer with the essential cybersecurity requirements set out in Parts I and II of Annex I.
Conformity marking and declaration of conformity
The manufacturer shall affix the CE marking to each individual product with digital elements that satisfies the applicable requirements set out in this Regulation.
The manufacturer shall draw up a written EU declaration of conformity for each product with digital elements in accordance with Article 28 and keep it together with the technical documentation at the disposal of the national authorities for 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer. The EU declaration of conformity shall identify the product with digital elements for which it has been drawn up. A copy of the EU declaration of conformity shall be made available to the relevant authorities upon request.
Authorised representatives
The manufacturer’s obligations set out in point 4 may be fulfilled by its authorised representative, on its behalf and under its responsibility, provided that the relevant obligations are specified in the mandate.
Part II EU-type examination (based on module B)
EU-type examination is the part of a conformity assessment procedure in which a notified body examines the technical design and development of a product with digital elements and the vulnerability handling processes put in place by the manufacturer, and attests that a product with digital elements meets the essential cybersecurity requirements set out in Part I of Annex I and that the manufacturer meets the essential cybersecurity requirements set out in Part II of Annex I.
EU-type examination shall be carried out by assessing the adequacy of the technical design and development of the product with digital elements through the examination of the technical documentation and supporting evidence referred to in point 3, and the examination of specimens of one or more critical parts of the product (combination of production type and design type).
The manufacturer shall lodge an application for EU-type examination with a single notified body of its choice.
The application shall include:
the name and address of the manufacturer and, if the application is lodged by the authorised representative, the name and address of that authorised representative;
a written declaration that the same application has not been lodged with any other notified body;
the technical documentation, which shall make it possible to assess the conformity of the product with digital elements with the applicable essential cybersecurity requirements as set out in Part I of Annex I and the manufacturer’s vulnerability handling processes set out in Part II of Annex I and shall include an adequate analysis and assessment of the risks. The technical documentation shall specify the applicable requirements and cover, as far as relevant for the assessment, the design, manufacture and operation of the product with digital elements. The technical documentation shall contain, wherever applicable, at least the elements set out in Annex VII;
the supporting evidence for the adequacy of the technical design and development solutions and vulnerability handling processes. This supporting evidence shall mention any documents that have been used, in particular where the relevant harmonised standards or technical specifications have not been applied in full. The supporting evidence shall include, where necessary, the results of tests carried out by the appropriate laboratory of the manufacturer, or by another testing laboratory on its behalf and under its responsibility.
The notified body shall:
examine the technical documentation and supporting evidence to assess the adequacy of the technical design and development of the product with digital elements with the essential cybersecurity requirements set out in Part I of Annex I and of the vulnerability handling processes put in place by the manufacturer with the essential cybersecurity requirements set out in Part II of Annex I;
verify that specimens have been developed or manufactured in conformity with the technical documentation, and identify the elements which have been designed and developed in accordance with the applicable provisions of the relevant harmonised standards or technical specifications, as well as the elements which have been designed and developed without applying the relevant provisions of those standards;
carry out appropriate examinations and tests, or have them carried out, to check that, where the manufacturer has chosen to apply the solutions in the relevant harmonised standards or technical specifications for the requirements set out in Annex I, they have been applied correctly;
carry out appropriate examinations and tests, or have them carried out, to check that, where the solutions in the relevant harmonised standards or technical specifications for the requirements set out in Annex I have not been applied, the solutions adopted by the manufacturer meet the corresponding essential cybersecurity requirements;
agree with the manufacturer on a location where the examinations and tests will be carried out.
The notified body shall draw up an evaluation report that records the activities undertaken in accordance with point 4 and their outcomes. Without prejudice to its obligations vis-à-vis the notifying authorities, the notified body shall release the content of that report, in full or in part, only with the agreement of the manufacturer.
Where the type and the vulnerability handling processes meet the essential cybersecurity requirements set out in Annex I, the notified body shall issue an EU-type examination certificate to the manufacturer. The certificate shall contain the name and address of the manufacturer, the conclusions of the examination, the conditions (if any) for its validity and the necessary data for identification of the approved type and vulnerability handling processes. The certificate may have one or more annexes attached.
The certificate and its annexes shall contain all relevant information to allow the conformity of manufactured or developed products with digital elements with the examined type and vulnerability handling processes to be evaluated and to allow for in-service control.
Where the type and the vulnerability handling processes do not satisfy the applicable essential cybersecurity requirements set out in Annex I, the notified body shall refuse to issue an EU-type examination certificate and shall inform the applicant accordingly, giving detailed reasons for its refusal.
The notified body shall keep itself apprised of any changes in the generally acknowledged state of the art which indicate that the approved type and the vulnerability handling processes may no longer comply with the applicable essential cybersecurity requirements set out in Annex I, and shall determine whether such changes require further investigation. If so, the notified body shall inform the manufacturer accordingly.
The manufacturer shall inform the notified body that holds the technical documentation relating to the EU-type examination certificate of all modifications to the approved type and the vulnerability handling processes that may affect the conformity with the essential cybersecurity requirements set out in Annex I, or the conditions for validity of the certificate. Such modifications shall require additional approval in the form of an addition to the original EU-type examination certificate.
The notified body shall carry out periodic audits to ensure that the vulnerability handling processes as set out in Part II of Annex I are implemented adequately.
Each notified body shall inform its notifying authorities concerning the EU-type examination certificates and any additions thereto which it has issued or withdrawn, and shall, periodically or upon request, make available to its notifying authorities the list of certificates and any additions thereto refused, suspended or otherwise restricted.
Each notified body shall inform the other notified bodies concerning the EU-type examination certificates and any additions thereto which it has refused, withdrawn, suspended or otherwise restricted, and, upon request, concerning the certificates and additions thereto which it has issued.
The Commission, the Member States and the other notified bodies may, on request, obtain a copy of the EU-type examination certificates and any additions thereto. On request, the Commission and the Member States may obtain a copy of the technical documentation and the results of the examinations carried out by the notified body. The notified body shall keep a copy of the EU-type examination certificate, its annexes and additions, as well as the technical file including the documentation submitted by the manufacturer, until the expiry of the validity of the certificate.
The manufacturer shall keep a copy of the EU-type examination certificate, its annexes and additions together with the technical documentation at the disposal of the national authorities for 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer.
The manufacturer’s authorised representative may lodge the application referred to in point 3 and fulfil the obligations set out in points 7 and 10, provided that the relevant obligations are specified in the mandate.
Part III Conformity to type based on internal production control (based on module C)
Conformity to type based on internal production control is the part of a conformity assessment procedure whereby the manufacturer fulfils the obligations set out in points 2 and 3 of this Part, and ensures and declares that the products with digital elements concerned are in conformity with the type described in the EU-type examination certificate and satisfy the essential cybersecurity requirements set out in Part I of Annex I and that the manufacturer meets the essential cybersecurity requirements set out in Part II of Annex I.
Production
The manufacturer shall take all measures necessary so that the production and its monitoring ensure conformity of the manufactured products with digital elements with the approved type described in the EU-type examination certificate and with the essential cybersecurity requirements as set out in Part I of Annex I and ensures that the manufacturer meets the essential cybersecurity requirements set out in Part II of Annex I.
Conformity marking and declaration of conformity
The manufacturer shall affix the CE marking to each individual product with digital elements that is in conformity with the type described in the EU-type examination certificate and satisfies the applicable requirements set out in this Regulation.
The manufacturer shall draw up a written declaration of conformity for a product model and keep it at the disposal of the national authorities for 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer. The declaration of conformity shall identify the product model for which it has been drawn up. A copy of the declaration of conformity shall be made available to the relevant authorities upon request.
Authorised representative
The manufacturer’s obligations set out in point 3 may be fulfilled by its authorised representative, on its behalf and under its responsibility, provided that the relevant obligations are specified in the mandate.
Part IV conformity based on full quality assurance (based on module h)
Conformity based on full quality assurance is the conformity assessment procedure whereby the manufacturer fulfils the obligations set out in points 2 and 5 of this Part, and ensures and declares on its sole responsibility that the products with digital elements or product categories concerned satisfy the essential cybersecurity requirements set out in Part I of Annex I and that the vulnerability handling processes put in place by the manufacturer meet the requirements set out in Part II of Annex I.
Design, development, production and vulnerability handling of products with digital elements
The manufacturer shall operate an approved quality system as specified in point 3 for the design, development and final product inspection and testing of the products with digital elements concerned and for handling vulnerabilities, maintain its effectiveness throughout the support period, and shall be subject to surveillance as specified in point 4.
Quality system
The manufacturer shall lodge an application for assessment of its quality system with the notified body of its choice, for the products with digital elements concerned.
The application shall include:
the name and address of the manufacturer and, if the application is lodged by the authorised representative, the name and address of that authorised representative;
the technical documentation for one model of each category of products with digital elements intended to be manufactured or developed. The technical documentation shall, wherever applicable, contain at least the elements as set out in Annex VII;
the documentation concerning the quality system; and
a written declaration that the same application has not been lodged with any other notified body.
The quality system shall ensure compliance of the products with digital elements with the essential cybersecurity requirements set out in Part I of Annex I and compliance of the vulnerability handling processes put in place by the manufacturer with the requirements set out in Part II of Annex I.
All the elements, requirements and provisions adopted by the manufacturer shall be documented in a systematic and orderly manner in the form of written policies, procedures and instructions. That quality system documentation shall permit a consistent interpretation of the quality programmes, plans, manuals and records.
It shall, in particular, contain an adequate description of:
the quality objectives and the organisational structure, responsibilities and powers of the management with regard to design, development, product quality and vulnerability handling;
the technical design and development specifications, including standards, that will be applied and, where the relevant harmonised standards or technical specifications will not be applied in full, the means that will be used to ensure that the essential cybersecurity requirements set out in Part I of Annex I that apply to the products with digital elements will be met;
the procedural specifications, including standards, that will be applied and, where the relevant harmonised standards or technical specifications will not be applied in full, the means that will be used to ensure that the essential cybersecurity requirements set out in Part II of Annex I that apply to the manufacturer will be met;
the design and development control, as well as design and development verification techniques, processes and systematic actions that will be used when designing and developing the products with digital elements pertaining to the product category covered;
the corresponding production, quality control and quality assurance techniques, processes and systematic actions that will be used;
the examinations and tests that will be carried out before, during and after production, and the frequency with which they will be carried out;
the quality records, such as inspection reports and test data, calibration data and qualification reports on the personnel concerned;
the means of monitoring the achievement of the required design and product quality and the effective operation of the quality system.
The notified body shall assess the quality system to determine whether it satisfies the requirements referred to in point 3.2.
It shall presume conformity with those requirements in respect of the elements of the quality system that comply with the corresponding specifications of the national standard that implements the relevant harmonised standard or technical specification.
In addition to experience in quality management systems, the auditing team shall have at least one member experienced as an assessor in the relevant product field and product technology concerned, and shall have knowledge of the applicable requirements set out in this Regulation. The audit shall include an assessment visit to the manufacturer’s premises, where such premises exist. The auditing team shall review the technical documentation referred to in point 3.1 (b), to verify the manufacturer’s ability to identify the applicable requirements set out in this Regulation and to carry out the necessary examinations with a view to ensuring compliance of the product with digital elements with those requirements.
The manufacturer or its authorised representative shall be notified of the decision.
The notification shall contain the conclusions of the audit and the reasoned assessment decision.
The manufacturer shall undertake to fulfil the obligations arising out of the quality system as approved and to maintain it so that it remains adequate and efficient.
The manufacturer shall keep the notified body that has approved the quality system informed of any intended change to the quality system.
The notified body shall evaluate any proposed changes and decide whether the modified quality system will continue to satisfy the requirements referred to in point 3.2 or whether a reassessment is necessary.
It shall notify the manufacturer of its decision. The notification shall contain the conclusions of the examination and the reasoned assessment decision.
Surveillance under the responsibility of the notified body
The purpose of surveillance is to make sure that the manufacturer duly fulfils the obligations arising out of the approved quality system.
The manufacturer shall, for assessment purposes, allow the notified body access to the design, development, production, inspection, testing and storage sites, and shall provide it with all necessary information, in particular:
the quality system documentation;
the quality records as provided for by the design part of the quality system, such as results of analyses, calculations and tests;
the quality records as provided for by the manufacturing part of the quality system, such as inspection reports and test data, calibration data and qualification reports on the personnel concerned.
The notified body shall carry out periodic audits to make sure that the manufacturer maintains and applies the quality system and shall provide the manufacturer with an audit report.
Conformity marking and declaration of conformity
The manufacturer shall affix the CE marking, and, under the responsibility of the notified body referred to in point 3.1, the latter’s identification number to each individual product with digital elements that satisfies the requirements set out in Part I of Annex I.
The manufacturer shall draw up a written declaration of conformity for each product model and keep it at the disposal of the national authorities for 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer. The declaration of conformity shall identify the product model for which it has been drawn up.
A copy of the declaration of conformity shall be made available to the relevant authorities upon request.
The manufacturer shall, for a period ending at least 10 years after the product with digital elements has been placed on the market or for the support period, whichever is longer, keep at the disposal of the national authorities:
the technical documentation referred to in point 3.1;
the documentation concerning the quality system referred to in point 3.1;
the change referred to in point 3.5, as approved;
the decisions and reports of the notified body referred to in points 3.5 and 4.3.
Each notified body shall inform its notifying authorities of quality system approvals issued or withdrawn, and shall, periodically or upon request, make available to its notifying authorities the list of quality system approvals refused, suspended or otherwise restricted.
Each notified body shall inform the other notified bodies of quality system approvals which it has refused, suspended or withdrawn, and, upon request, of quality system approvals which it has issued.
Authorised representative
The manufacturer’s obligations set out in points 3.1, 3.5, 5 and 6 may be fulfilled by its authorised representative, on its behalf and under its responsibility, provided that the relevant obligations are specified in the mandate.
A statement has been made with regard to this act and can be found in OJ C, 2024/6786, 20.11.2024, ELI: http://data.europa.eu/eli/C/2024/6786/oj.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.