Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) – Official Journal
Provided by: reuschlaw
Table of contents
-
Chapter 1-General Provisions (Art. 1 - 12)
- Article 1-Subject matter
- Article 2-Scope
- Article 3-Definitions
- Article 4-Free movement
- Article 5-Procurement or use of products with digital elements
- Article 6-Requirements for products with digital elements
- Article 7-Important products with digital elements
- Article 8-Critical products with digital elements
- Article 9-Stakeholder consultation
- Article 10-Enhancing skills in a cyber resilient digital environment
- Article 11-General product safety
- Article 12-High-risk AI systems
-
Chapter 2-Obligations of economic operators and provisions in relation to free and Open-Source Software (Art. 13 - 26)
- Article 13-Obligations of manufacturers
- Article 14-Reporting obligations of manufacturers
- Article 15-Voluntary reporting
- Article 16-Establishment of a single reporting platform
- Article 17-Other provisions related to reporting
- Article 18-Authorised representatives
- Article 19-Obligations of importers
- Article 20-Obligations of distributors
- Article 21-Cases in which obligations of manufacturers apply to importers and distributors
- Article 22-Other cases in which obligations of manufacturers apply
- Article 23-Identification of economic operators
- Article 24-Obligations of open-source software stewards
- Article 25-Security attestation of free and open-source software
- Article 26-Guidance
-
Chapter 3-Conformity of the product with digital elements (Art. 27 - 34)
- Article 27-Presumption of conformity
- Article 28-EU-decleration of conformity
- Article 29-General principles of the CE marking
- Article 30-Rules and conditions for affixing the CE marking
- Article 31-Technical Documentation
- Article 32-Conformity assessment procedures for products with digital elements
- Article 33-Support measures for microenterprises and small and medium-sized enterprises, including start-ups
- Article 34-Mutual recognition agreements
-
Chapter 4-Notification of conformity assessment bodies (Art. 35 - 51)
- Article 35-Notification
- Article 36-Notifying authorities
- Article 37-Requirements relating to notifying authorities
- Article 38-Information obligation on notifying authorities
- Article 39-Requirements relating to notified bodies
- Article 40-Presumption of conformity of notified bodies
- Article 41-Subsidiaries of and subcontracting by notified bodies
- Article 42-Application for notification
- Article 43-Notification Procedure
- Article 44-Identification numbers and lists of notified bodies
- Article 45-Changes to notifications
- Article 46-Challenge of the competence of notified bodies
- Article 47-Operational obligations of notified bodies
- Article 48-Appeal against decisions of notified bodies
- Article 49-Information obligation on notified bodies
- Article 50-Exchange of experience
- Article 51-Coordination of notified bodies
-
Chapter 5-Market surveillance and enforcement (Art. 52 - 60)
- Article 52-Market surveillance and control of products with digital elements in the Union market
- Article 53-Access to data and documentation
- Article 54-Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk
- Article 55-Union safeguard procedure
- Article 56-Procedure at Union level concerning products with digital elements presenting a significant cybersecurity risk
- Article 57-Compliant products with digital elements which present a cybersecurity risk
- Article 58-Formal non-compliance
- Article 59-Joint activities of market surveillance authorities
- Article 60-Sweeps
-
Chapter 6-Delegated powers and committee procedure (Art. 61 - 62)
- Article 61-Exercise of the delegation
- Article 62-Committee procedure
-
Chapter 7-Confidentiality and penalties (Art. 63 - 65)
- Article 63-Confidentiality
- Article 64-Penalties
- Article 65-Representative actions
-
Chapter 8-Transitional and final provisions (Art. 66 - 71)
- Article 66-Amendment to Regulation (EU) 2019/1020
- Article 67-Amendment to Directive (EU) 2020/1828
- Article 68-Amendment to Regulation (EU) No 168/2013
- Article 69-Transitional provisions
- Article 70-Evaluation and review
- Article 71-Entry into force and application
Annexes
-
Annex I-Essential cybersecurity requirements
-
Annex II-Information and instructions to the user
-
Annex III-Important products with digital elements
-
Annex IV-Critical products with digital elements
-
Annex V-EU-Decleration of conformity
-
Annex VI-Simplified EU-Decleration of conformity
-
Annex VII-Content of the technical documentation
-
Annex VIII-Conformity assessment procedures