Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 81 Voluntary European cybersecurity certification framework

Regulation (EU) 2019/881 establishes a voluntary European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification framework for ICT products means an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;, ICT processes and ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services;. European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes provide a common framework of trust for users to use products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that fall within the scope of this Regulation. This Regulation should consequently create synergies with Regulation (EU) 2019/881. In order to facilitate the assessment of conformity with the requirements laid down in this Regulation, products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that are certified or for which a statement of conformity has been issued under a European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; scheme pursuant to Regulation (EU) 2019/881 that has been identified by the Commission in an implementing act, shall be presumed to be in compliance with the essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation in so far as the European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certificate or statement of conformity or parts thereof cover those requirements. The need for new European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes for products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; should be assessed in the light of this Regulation, including when preparing the Union rolling work programme in accordance with Regulation (EU) 2019/881. Where there is a need for a new scheme covering products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;, including in order to facilitate compliance with this Regulation, the Commission can request ENISA to prepare candidate schemes in accordance with Article 48 of Regulation (EU) 2019/881. Such future European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes covering products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; should take into account the essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements and conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; procedures as set out in this Regulation and facilitate compliance with this Regulation. For European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes that enter into force before the entry into force of this Regulation, further specifications may be needed on detailed aspects of how a presumption of conformity can apply. The Commission, by means of delegated acts, should be empowered to specify under which conditions the European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes can be used to demonstrate conformity with the essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation. Furthermore, to avoid undue administrative burdens, there should be no obligation for manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; to carry out a third-party conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; as provided for in this Regulation for corresponding requirements where a European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certificate has been issued under such European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes at least at level ‘substantial’.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod