Article 2, Scope
1. This Regulation applies to products with digital elements whose intended or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network.
2. This Regulation does not apply to products with digital elements to which the following Union acts apply:
(a) Regulation (EU) 2017/745;
(b) Regulation (EU) 2017/746;
(c) Regulation (EU) 2019/2144.
3. This Regulation does not apply to products with digital elements that have been certified in accordance with Regulation (EU) 2018/1139.
4. The application of this Regulation to products with digital elements covered by other Union rules laying down requirements that address all or some of the risks covered by the essential requirements set out in Annex I may be limited or excluded, where:
(a) such limitation or exclusion is consistent with the overall regulatory framework applying to those products; and
(b) the sectoral rules achieve the same level of protection as the one provided for by this Regulation.
The Commission is empowered to adopt delegated acts in accordance with Article 50 to amend this Regulation specifying whether such limitation or exclusion is necessary, the concerned products and rules, as well as the scope of the limitation, if relevant.
5. This Regulation does not apply to products with digital elements developed exclusively for national security or military purposes or to products specifically designed to process classified information.
Cyber Resilience Act Text 15.9.2022
You may also visit:
Digital Operational Resilience Act (DORA)