Article 24 - Conformity assessment procedures for products with digital elements
1. The manufacturer shall perform a conformity assessment of the product with digital elements and the processes put in place by the manufacturer to determine whether the essential requirements set out in Annex I are met. The manufacturer or the manufacturer’s authorised representative shall demonstrate conformity with the essential requirements by using one of the following procedures:
(a) the internal control procedure (based on module A) set out in Annex VI; or
(b) the EU-type examination procedure (based on module B) set out in Annex VI followed by conformity to EU-type based on internal production control (based on module C) set out in Annex VI; or
(c) conformity assessment based on full quality assurance (based on module H) set out in Annex VI.
2. Where, in assessing the compliance of the critical product with digital elements of class I as set out in Annex III and the processes put in place by its manufacturer with the essential requirements set out in Annex I, the manufacturer or the manufacturer’s authorised representative has not applied or has applied only in part harmonised standards, common specifications or European cybersecurity certification schemes as referred to in Article 18, or where such harmonised standards, common specifications or European cybersecurity certification schemes do not exist, the product with digital elements concerned and the processes put in place by the manufacturer shall be submitted with regard to those essential requirements to either of the following procedures:
(a) EU-type examination procedure (based on module B) provided for in Annex VI followed by conformity to EU-type based on internal production control (based on module C) set out in Annex VI; or
(b) conformity assessment based on full quality assurance (based on module H) set out in Annex VI.
3. Where the product is a critical product with digital elements of class II as set out in Annex III, the manufacturer or the manufacturer’s authorised representative shall demonstrate conformity with the essential requirements set out in Annex I by using one of the following procedures:
(a) EU-type examination procedure (based on module B) set out in Annex VI followed by conformity to EU-type based on internal production control (based on module C) set out in Annex VI; or
(b) conformity assessment based on full quality assurance (based on module H) set out in Annex VI.
4. Manufacturers of products with digital elements that are classified as EHR systems under the scope of Regulation [the European Health Data Space Regulation] shall demonstrate conformity with the essential requirements laid down in Annex I of this Regulation using the relevant conformity assessment procedure as required by Regulation [Chapter III of the European Health Data Space Regulation].
5. Notified bodies shall take into account the specific interests and needs of small and medium sized enterprises (SMEs) when setting the fees for conformity assessment procedures and reduce those fees proportionately to their specific interests and needs.
Cyber Resilience Act Text 15.9.2022
You may also visit: