Source: OJ L 2024/2847, 20.11.2024
Article 33 Support measures for microenterprises and small and medium-sized enterprises, including start-ups
Member States shall, where appropriate, undertake the following actions, tailored to the needs of microenterprises and small enterprises:
- organise specific awareness-raising and training activities about the application of this Regulation;
- establish a dedicated channel for communication with microenterprises and small enterprises and, as appropriate, local public authorities to provide advice and respond to queries about the implementation of this Regulation;
- support testing and conformity assessment activities, including where relevant with the support of the European Cybersecurity Competence Centre.
Member States may, where appropriate, establish cyber resilience regulatory sandboxes. Such regulatory sandboxes shall provide for controlled testing environments for innovative products with digital elements to facilitate their development, design, validation and testing for the purpose of complying with this Regulation for a limited period of time before the placing on the market. The Commission and, where appropriate, ENISA, may provide technical support, advice and tools for the establishment and operation of regulatory sandboxes. The regulatory sandboxes shall be set up under the direct supervision, guidance and support by the market surveillance authorities. Member States shall inform the Commission and the other market surveillance authorities of the establishment of a regulatory sandbox through ADCO. The regulatory sandboxes shall not affect the supervisory and corrective powers of the competent authorities. Member States shall ensure open, fair, and transparent access to regulatory sandboxes, and in particular facilitate access by microenterprises and small enterprises, including start-ups.
In accordance with Article 26, the Commission shall provide guidance for microenterprises and small and medium-sized enterprises in relation to the implementation of this Regulation.
The Commission shall advertise available financial support in the regulatory framework of existing Union programmes, in particular in order to ease the financial burden on microenterprises and small enterprises.
Microenterprises and small enterprises may provide all elements of the technical documentation specified in Annex VII by using a simplified format. For that purpose, the Commission shall, by means of implementing acts, specify the simplified technical documentation form targeted at the needs of microenterprises and small enterprises, including how the elements set out in Annex VII are to be provided. Where a microenterprise or small enterprise opts to provide the information set out in Annex VII in a simplified manner, it shall use the form referred to in this paragraph. Notified bodies shall accept that form for the purposes of conformity assessment.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 62(2).
Relevant recitals
Recital 93 Simplified technical documentation
In relation to microenterprises and small enterprises, in order to ensure proportionality, it is appropriate to alleviate administrative costs without affecting the level of cybersecurity protection of products with digital elements that fall within the scope of this Regulation or the level playing field among manufacturers. It is therefore appropriate for the Commission to establish a simplified technical documentation form targeted at the needs of microenterprises and small enterprises. The simplified technical documentation form adopted by the Commission should cover all the applicable elements related to technical documentation set out in this Regulation and specify how a microenterprise or a small enterprise can provide the requested elements in a concise way, such as the description of the design, development and production of the product with digital elements. In doing so, the form would contribute to alleviating the administrative compliance burden by providing the enterprises concerned with legal certainty about the extent and detail of information to be provided. Microenterprises and small enterprises should be able to choose to provide the applicable elements related to technical documentation in extensive form and not take advantage of the simplified technical form available to them.
Recital 94 Promote innovation for microenterprises and small or medium-sized enterprises
In order to promote and protect innovation, it is important that the interests of manufacturers that are microenterprises or small or medium-sized enterprises, in particular microenterprises and small enterprises, including start-ups, are taken into particular account. To that end, Member States could develop initiatives which are targeted at manufacturers that are microenterprises or small enterprises, including on training, awareness raising, information communication, testing and third-party conformity assessment activities, as well as the establishment of sandboxes. Translation costs related to mandatory documentation, such as the technical documentation and the information and instructions to the user required pursuant to this Regulation, and communication with authorities, may constitute a significant cost for manufacturers, in particular those of a smaller size. Therefore, Member States should be able to consider that one of the languages determined and accepted by them for relevant manufacturers’ documentation and for communication with manufacturers is one which is broadly understood by the largest possible number of users.
Recital 97 Regulatory sandboxes
The objectives of regulatory sandboxes should be to foster innovation and competitiveness for businesses by establishing controlled testing environments before the placing on the market of products with digital elements. Regulatory sandboxes should contribute to improve legal certainty for all actors that fall within the scope of this Regulation and facilitate and accelerate access to the Union market for products with digital elements, in particular when provided by microenterprises and small enterprises, including start-ups.
Recital 127 Support to microenterprises and SMEs
It is important to provide support to microenterprises and small and medium-sized enterprises, including start-ups, in the implementation of this Regulation and to minimise the risks to the implementation resulting from lack of knowledge and expertise in the market, as well as in order to facilitate compliance of manufacturers with their obligations laid down in this Regulation. The Digital Europe Programme and other relevant Union programmes provide financial and technical support that enable those enterprises to contribute to the growth of the Union economy and to the strengthening of the common level of cybersecurity in the Union. The European Cybersecurity Competence Centre and National Coordination Centres as well as European Digital Innovation Hubs established by the Commission and the Member States at Union or national level could also support companies and public sector organisations and could contribute to the implementation of this Regulation. Within their respective missions and fields of competence, they could provide technical and scientific support to microenterprises and small and medium-sized enterprises, such as for testing activities and third-party conformity assessments. They could also foster the deployment of tools to facilitate the implementation of this Regulation.
Recital 128 Member States to provide guidance and support for microenterprises and SMEs
Furthermore, Member States should consider taking complementary action aiming to provide guidance and support for microenterprises and small and medium-sized enterprises, such as the establishment of regulatory sandboxes and dedicated channels for communication. In order to strengthen the level of cybersecurity in the Union, Member States may also consider providing support to develop capacity and skills related to cybersecurity of products with digital elements, improving the cyber resilience of economic operators, in particular of microenterprises and small and medium-sized enterprises, and fostering public awareness about the cybersecurity of products with digital elements.
Springlex and this text are meant purely as a documentation tool and have no legal effect. No liability is assumed for their content. The authentic version of this act is the one published in the Official Journal of the European Union.