Recital 34 Manufacturers' responsibility for the supply chain


When integrating components sourced from third parties in products with digital elements during the design and development phase, manufacturers should, in order to ensure that the products are designed, developed and produced in accordance with the essential cybersecurity requirements set out in this Regulation, exercise due diligence with regard to those components, including free and open-source software components that have not been made available on the market.
The appropriate level of due diligence depends on the nature and the level of cybersecurity risk associated with a given component, and should, for that purpose, take into account one or more of the following actions: verifying, as applicable, that the manufacturer of a component has demonstrated conformity with this Regulation, including by checking if the component already bears the CE marking; verifying that a component receives regular security updates, such as by checking its security updates history; verifying that a component is free from vulnerabilities registered in the European vulnerability database established pursuant to Article 12(2) of Directive (EU) 2022/2555 or other publicly accessible vulnerability databases; or carrying out additional security tests. The vulnerability handling obligations set out in this Regulation, which manufacturers have to comply with when placing a product with digital elements on the market and for the support period, apply to products with digital elements in their entirety, including to all integrated components.
Where, in the exercise of due diligence, the manufacturer of the product with digital elements identifies a vulnerability in a component, including in a free and open-source component, it should inform the person or entity manufacturing or maintaining the component, address and remediate the vulnerability, and, where applicable, provide the person or entity with the applied security fix.
