Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 117 Power to adopt delegated acts

In order to ensure that the regulatory framework can be adapted where necessary, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union (TFEU) should be delegated to the Commission in respect of updating an annex to this Regulation listing the important products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;. Power to adopt acts in accordance with that Article should be delegated to the Commission to identify products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; covered by other Union rules which achieve the same level of protection as this Regulation, specifying whether a limitation or exclusion from the scope of this Regulation would be necessary as well as the scope of that limitation, if applicable. Power to adopt acts in accordance with that Article should also be delegated to the Commission in respect of the potential mandating of certification under a European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme of the critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in an annex to this Regulation, as well as for updating the list of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; based on criticality criteria set out in this Regulation, and for specifying the European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes adopted pursuant to Regulation (EU) 2019/881 that can be used to demonstrate conformity with the essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements or parts thereof as set out in an annex to this Regulation. Power to adopt acts should also be delegated to the Commission to specify the minimum support period means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I; for specific product categories where the market surveillance data suggests inadequate support periods means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I;, as well as to specify the terms and conditions for applying the cybersecurity-related grounds in relation to delaying the dissemination of notifications of actively exploited vulnerabilities means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner;. Furthermore, power to adopt acts should be delegated to the Commission to establish voluntary security attestation programmes for assessing the conformity of products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; qualifying as free and open-source software means software the source code of which is openly shared and which is made available under a free and open-source licence which provides for all rights to make it freely accessible, usable, modifiable and redistributable; with all or certain essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements or other obligations laid down in this Regulation, as well as to specify the minimum content of the EU declaration of conformity and to supplement the elements to be included in the technical documentation. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making(31)OJ L 123, 12.5.2016, p. 1.. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups means a group as defined in Article 2, point (11), of Directive 2013/34/EU; dealing with the preparation of delegated acts. The power to adopt delegated acts pursuant to this Regulation should be conferred on the Commission for a period of five years from 10 December 2024. The Commission should draw up a report in respect of the delegation of power not later than nine months before the end of the five-year period. The delegation of power should be tacitly extended for periods of an identical duration, unless the European Parliament or the Council opposes such extension not later than three months before the end of each period.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod