Art. 15 Voluntary reporting | CRA regulation |

1. Manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; as well as other natural or legal persons may notify any vulnerability means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; contained in a product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; as well as cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; that could affect the risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; profile of a product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; on a voluntary basis to a CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. or ENISA.
1. Manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; as well as other natural or legal persons may notify any incident having an impact on the security of the product with digital elements means an incident that negatively affects or is capable of negatively affecting the ability of a product with digital elements to protect the availability, authenticity, integrity or confidentiality of data or functions; as well as near misses that could have resulted in such an incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; on a voluntary basis to a CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. or ENISA.
1. The CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. or ENISA shall process the notifications referred to in paragraphs 1 and 2 of this Article in accordance with the procedure laid down in Article 16.
2. The CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. may prioritise the processing of mandatory notifications over voluntary notifications.
1. Where a natural or legal person other than the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; notifies an actively exploited vulnerability means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner; or a severe incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; having an impact on the security of a product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in accordance with paragraph 1 or 2, the CSIRT designated as coordinator means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. shall without undue delay inform the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge;.
1. The CSIRTs designated as coordinators means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555. as well as ENISA shall ensure the confidentiality and appropriate protection of the information provided by a notifying natural or legal person. Without prejudice to the prevention, investigation, detection and prosecution of criminal offences, voluntary reporting shall not result in the imposition of any additional obligations upon a notifying natural or legal person to which it would not have been subject had it not submitted the notification.