Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 91 Conformity assessment procedure modules

Conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; of products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that are not listed as important or critical products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in this Regulation can be carried out by the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; under its own responsibility following the internal control procedure based on module A of Decision No 768/2008/EC in accordance with this Regulation. This also applies to cases where a manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; chooses not to apply in whole or in part an applicable harmonised standard means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012;, common specification or European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification scheme. The manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; retains the flexibility to choose a stricter conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; procedure involving a third party. Under the internal control conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; procedure, the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; ensures and declares on its sole responsibility that the product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; and the processes of the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; meet the applicable essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation. If an important product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; falls under class I, additional assurance is required to demonstrate conformity with the essential cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; requirements set out in this Regulation. The manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should apply harmonised standards means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012;, common specifications or European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes adopted pursuant to Regulation (EU) 2019/881 which have been identified by the Commission in an implementing act if it wants to carry out the conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; under its own responsibility (module A). If the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; does not apply such harmonised standards means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012;, common specifications or European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes, the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should undergo conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; involving a third party (based on modules B and C or module H). Taking into account the administrative burden on manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; and the fact that cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; plays an important role in the design and development phase of tangible and intangible products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;, conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; procedures based on modules B and C or module H of Decision No 768/2008/EC have been chosen as most appropriate for assessing the compliance of important products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; in a proportionate and effective manner. The manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; that carries out the third-party conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; can choose the procedure that best suits its design and production process. Given the even greater cybersecurity risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; linked with the use of important products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; that fall under class II, the conformity assessment means the process of verifying whether the essential cybersecurity requirements set out in Annex I have been fulfilled; should always involve a third party, even where the product complies fully or partly with harmonised standards means a harmonised standard as defined in Article 2, point (1)(c), of Regulation (EU) No 1025/2012;, common specifications or European cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; certification schemes. Manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; of important products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; qualifying as free and open-source software means software the source code of which is openly shared and which is made available under a free and open-source licence which provides for all rights to make it freely accessible, usable, modifiable and redistributable; should be able to follow the internal control procedure based on module A, provided that they make the technical documentation available to the public.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod