Source: OJ L 2024/2847, 20.11.2024
ENRecital 46 Critical products
The categories of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in this Regulation have a cybersecurity-related functionality and perform a function which carries a significant risk of adverse effects in terms of its intensity and ability to disrupt, control or cause damage to a large number of other products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; through direct manipulation. Furthermore, those categories of products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are considered to be critical dependencies for essential entities as referred to in Article 3(1) of Directive (EU) 2022/2555. The categories of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in an annex to this Regulation, due to their criticality, already widely use various forms of certification, and are also covered by the European Common Criteria-based cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme (EUCC) set out in Commission Implementing Regulation (EU) 2024/482(20)Commission Implementing Regulation (EU) 2024/482 of 31 January 2024 laying down rules for the application of Regulation (EU) 2019/881 of the European Parliament and of the Council as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC) (OJ L, 2024/482, 7.2.2024, ELI: http://data.europa.eu/eli/reg_impl/2024/482/oj).. Therefore, in order to ensure a common adequate cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; protection of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in the Union, it could be adequate and proportionate to subject such categories of product, by means of a delegated act, to mandatory European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification where a relevant European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme covering those products is already in place and an assessment of the potential market impact of the envisaged mandatory certification has been carried out by the Commission. That assessment should consider both the supply and demand side, including whether there is sufficient demand for the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; concerned from both Member States and users for European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification to be required, as well as the purposes for which the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are intended to be used, including the critical dependency on them by essential entities as referred to in Article 3(1) of Directive (EU) 2022/2555. The assessment should also analyse the potential effects of the mandatory certification on the availability of those products on the internal market and the capabilities and the readiness of the Member States for the implementation of the relevant European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes.