icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) (Text with EEA relevance)RecitalsChapter I General ProvisionsArticle 1 Subject matterArticle 2 ScopeArticle 3 DefinitionsArticle 4 Free movementArticle 5 Procurement or use of products with digital elementsArticle 6 Requirements for products with digital elementsArticle 7 Important products with digital elementsArticle 8 Critical products with digital elementsArticle 9 Stakeholder consultationArticle 10 Enhancing skills in a cyber resilient digital environmentArticle 11 General product safetyArticle 12 High-risk AI systemsChapter II Obligations of economic operators and provisions in relation to free and open-source softwareArticle 13 Obligations of manufacturersArticle 14 Reporting obligations of manufacturersArticle 15 Voluntary reportingArticle 16 Establishment of a single reporting platformArticle 17 Other provisions related to reportingArticle 18 Authorised representativesArticle 19 Obligations of importersArticle 20 Obligations of distributorsArticle 21 Cases in which obligations of manufacturers apply to importers and distributorsArticle 22 Other cases in which obligations of manufacturers applyArticle 23 Identification of economic operatorsArticle 24 Obligations of open-source software stewardsArticle 25 Security attestation of free and open-source softwareArticle 26 GuidanceChapter III Conformity of the product with digital elementsArticle 27 Presumption of conformityArticle 28 EU declaration of conformityArticle 29 General principles of the CE markingArticle 30 Rules and conditions for affixing the CE markingArticle 31 Technical documentationArticle 32 Conformity assessment procedures for products with digital elementsArticle 33 Support measures for microenterprises and small and medium-sized enterprises, including start-upsArticle 34 Mutual recognition agreementsChapter IV Notification of conformity assessment bodiesArticle 35 NotificationArticle 36 Notifying authoritiesArticle 37 Requirements relating to notifying authoritiesArticle 38 Information obligation on notifying authoritiesArticle 39 Requirements relating to notified bodiesArticle 40 Presumption of conformity of notified bodiesArticle 41 Subsidiaries of and subcontracting by notified bodiesArticle 42 Application for notificationArticle 43 Notification procedureArticle 44 Identification numbers and lists of notified bodiesArticle 45 Changes to notificationsArticle 46 Challenge of the competence of notified bodiesArticle 47 Operational obligations of notified bodiesArticle 48 Appeal against decisions of notified bodiesArticle 49 Information obligation on notified bodiesArticle 50 Exchange of experienceArticle 51 Coordination of notified bodiesChapter V Market surveillance and enforcementArticle 52 Market surveillance and control of products with digital elements in the Union marketArticle 53 Access to data and documentationArticle 54 Procedure at national level concerning products with digital elements presenting a significant cybersecurity riskArticle 55 Union safeguard procedureArticle 56 Procedure at Union level concerning products with digital elements presenting a significant cybersecurity riskArticle 57 Compliant products with digital elements which present a significant cybersecurity riskArticle 58 Formal non-complianceArticle 59 Joint activities of market surveillance authoritiesArticle 60 SweepsChapter VI Delegated powers and committee procedureArticle 61 Exercise of the delegationArticle 62 Committee procedureChapter VII Confidentiality and penaltiesArticle 63 ConfidentialityArticle 64 PenaltiesArticle 65 Representative actionsChapter VIII Transitional and final provisionsArticle 66 Amendment to Regulation (EU) 2019/1020Article 67 Amendment to Directive (EU) 2020/1828Article 68 Amendment to Regulation (EU) No 168/2013Article 69 Transitional provisionsArticle 70 Evaluation and reviewArticle 71 Entry into force and applicationAnnex I Essential cybersecurity requirementsAnnex II Information and instructions to the userAnnex III Important products with digital elementsAnnex IV Critical products with digital elementsAnnex V EU Declaration of conformityAnnex VI Simplified EU declaration of conformityAnnex VII Content of the technical documentationAnnex VIII Conformity assessment proceduresDone at
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 23rd December 2024
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: Published | Document consolidation status: No known changes
Version date: 20 November 2024 - onwards

Article 54 Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk

1. Where the market surveillance authority of a Member State has sufficient reason to consider that a product with digital elements, including its vulnerability handling, presents a significant cybersecurity risk, it shall, without undue delay and, where appropriate, in cooperation with the relevant CSIRT, carry out an evaluation of theproduct with digital elements concerned in respect of its compliance with all the requirements laid down in this Regulation. The relevant economic operators shall cooperate with the market surveillance authority as necessary.

Where, in the course of that evaluation, the market surveillance authority finds that the product with digital elements does not comply with the requirements laid down in this Regulation, it shall without delay require the relevant economic operator to take all appropriate corrective actions to bring the product with digital elements into compliance with those requirements, to withdraw it from the market, or to recall it within a reasonable period, commensurate with the nature of the cybersecurity risk, as the market surveillance authority may prescribe.

The market surveillance authority shall inform the relevantnotified body accordingly. Article 18 of Regulation (EU) 2019/1020 shall apply to the corrective actions.

PreviousNext