Source: OJ L 2024/2847, 20.11.2024
EN- Cyber resilience for products with digital elements
Article 12 High-risk AI systems
1. Without prejudice to the requirements relating to accuracy and robustness set out in Article 15 of Regulation (EU) 2024/1689, products with digital elements which fall within the scope of this Regulation and which are classified as high-risk AI systems pursuant to Article 6 of that Regulation shall be deemed to comply with the cybersecurity requirements set out in Article 15 of that Regulation where:
(a) those products fulfil the essential cybersecurity requirements set out in Part I of Annex I;
(b) the processes put in place by the manufacturer comply with the essential cybersecurity requirements set out in Part II of Annex I; and
(c) the achievement of the level of cybersecurity protection required under Article 15 of Regulation (EU) 2024/1689 is demonstrated in the EU declaration of conformity issued under this Regulation.
2. For the products with digital elements and cybersecurity requirements referred to in paragraph 1 of this Article, the relevant conformity assessment procedure provided for in Article 43 of Regulation (EU) 2024/1689 shall apply. For the purposes of that assessment, notified bodies which are competent to control the conformity of the high-risk AI systems under Regulation (EU) 2024/1689 shall also be competent to control the conformity of high-risk AI systems which fall within the scope of this Regulation with the requirements set out in Annex I to this Regulation, provided that the compliance of those notified bodies with the requirements laid down in Article 39 of this Regulation has been assessed in the context of the notification procedure under Regulation (EU) 2024/1689.
3. By way of derogation from paragraph 2 of this Article, important products with digital elements as listed in Annex III to this Regulation, which are subject to the conformity assessment procedures referred to in Article 32(2), points (a) and (b), and Article 32(3) of this Regulation and critical products with digital elements as listed in Annex IV to this Regulation which are required to obtain a European cybersecurity certificate pursuant to Article 8(1) of this Regulation or, absent that, which are subject to the conformity assessment procedures referred to in Article 32(3) of this Regulation, and which are classified as high-risk AI systems pursuant to Article 6 of Regulation (EU) 2024/1689, and to which the conformity assessment procedure based on internal control as referred to in Annex VI to Regulation (EU) 2024/1689 applies, shall be subject to the conformity assessment procedures provided for in this Regulation in so far as the essential cybersecurity requirements set out in this Regulation are concerned.
4. Manufacturers of products with digital elements as referred to in paragraph 1 of this Article may participate in the AI regulatory sandboxes referred to in Article 57 of Regulation (EU) 2024/1689.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.