Source: OJ L 2024/2847, 20.11.2024
ENRecital 47 Mandatory European cybersecurity certification
Delegated acts requiring mandatory European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification should determine the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that have the core functionality of a category of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in this Regulation that are to be subject to mandatory certification, as well as the required assurance level, which should be at least ‘substantial’. The required assurance level should be proportionate to the level of cybersecurity risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; associated with the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;. For instance, where the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; has the core functionality of a category of critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; set out in this Regulation and is intended for the use in a sensitive or critical environment, such as products intended for the use of essential entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; as referred to in Article 3(1) of Directive (EU) 2022/2555, it may require the highest assurance level.