Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 60 Minimum support period

The support period means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I; for which the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; ensures the effective handling of vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; should be no less than five years, unless the lifetime of the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; is less than five years, in which case the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should ensure the vulnerability means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; handling for that lifetime. Where the time the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; is reasonably expected to be in use is longer than five years, as is often the case for hardware means a physical electronic information system, or parts thereof capable of processing, storing or transmitting digital data; components means software or hardware intended for integration into an electronic information system; such as motherboards or microprocessors, network devices such as routers, modems or switches, as well as software means the part of an electronic information system which consists of computer code;, such as operating systems or video-editing tools, manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should accordingly ensure longer support periods means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I;. In particular, products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; intended for use in industrial settings, such as industrial control systems, are often in use for significantly longer periods of time. A manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should be able to define a support period means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I; of less than five years only where this is justified by the nature of the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; concerned and where that product is expected to be in use for less than five years, in which case the support period means the period during which a manufacturer is required to ensure that vulnerabilities of a product with digital elements are handled effectively and in accordance with the essential cybersecurity requirements set out in Part II of Annex I; should correspond to the expected use time. For instance, the lifetime of a contact tracing application intended for use during a pandemic could be limited to the duration of the pandemic. Moreover, some software means the part of an electronic information system which consists of computer code; applications can by nature only be made available on the basis of a subscription model, in particular where the application becomes unavailable to the user and is consequently not in use anymore once the subscription expires.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod