Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 46 Critical products

The categories of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in this Regulation have a cybersecurity-related functionality and perform a function which carries a significant risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; of adverse effects in terms of its intensity and ability to disrupt, control or cause damage to a large number of other products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; through direct manipulation. Furthermore, those categories of products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are considered to be critical dependencies for essential entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; as referred to in Article 3(1) of Directive (EU) 2022/2555. The categories of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in an annex to this Regulation, due to their criticality, already widely use various forms of certification, and are also covered by the European Common Criteria-based cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme (EUCC) set out in Commission Implementing Regulation (EU) 2024/482(20)Commission Implementing Regulation (EU) 2024/482 of 31 January 2024 laying down rules for the application of Regulation (EU) 2019/881 of the European Parliament and of the Council as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC) (OJ L, 2024/482, 7.2.2024, ELI: http://data.europa.eu/eli/reg_impl/2024/482/oj).. Therefore, in order to ensure a common adequate cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; protection of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in the Union, it could be adequate and proportionate to subject such categories of product, by means of a delegated act, to mandatory European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification where a relevant European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme covering those products is already in place and an assessment of the potential market impact of the envisaged mandatory certification has been carried out by the Commission. That assessment should consider both the supply and demand side, including whether there is sufficient demand for the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; concerned from both Member States and users for European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification to be required, as well as the purposes for which the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are intended to be used, including the critical dependency on them by essential entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; as referred to in Article 3(1) of Directive (EU) 2022/2555. The assessment should also analyse the potential effects of the mandatory certification on the availability of those products on the internal market and the capabilities and the readiness of the Member States for the implementation of the relevant European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod