Source: OJ L 2024/2847, 20.11.2024Current language: FR
- Cyber resilience for products with digital elements
Basic legislative acts
- CRA regulation
Article 53 Accès aux données et à la documentation
Summary What does Article 53 of the CRA regulation say?
This is a notably brief but practically significant article within the market surveillance framework of the regulation.
It establishes the access rights of market surveillance authorities when they need to assess whether a product with digital elements and its manufacturer's processes actually meet the essential cybersecurity requirements set out in Annex I.
Rather than defining enforcement powers or penalties, this article focuses specifically on the informational access that underpins any meaningful compliance evaluation, granting authorities the ability to look inside the economic operator's operations.
Important points:
- Market surveillance authorities are granted access, upon a reasoned request, to all data necessary to assess the design, development, production, and vulnerability handling of a product with digital elements.
- This access right extends to internal documentation held by any relevant economic operator, not just the manufacturer.
- The data must be provided in a language easily understood by the market surveillance authority making the request.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Lorsque cela est nécessaire pour évaluer la conformité des produits comportant des éléments numériques et des processus mis en place par leurs fabricants aux exigences essentielles de cybersécurité énoncées à l’annexe I, les autorités de surveillance du marché, sur demande motivée, ont accès, dans une langue qu’elles comprennent facilement, aux données requises pour évaluer la conception, le développement, la production et le traitement des vulnérabilités de ces produits, y compris la documentation interne correspondante de l’opérateur économique concerné.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
cybersécurité
(En. cybersecurity)
Definition
opérateur économique
(En. economic operator)
Definition
mise à disposition sur le marché
(En. making available on the market)
Definition
mandataire
(En. authorised representative)
Definition
distributeur
(En. distributor)
Definition
composant
(En. component)
Definition
importateur
(En. importer)
Definition
logiciel
(En. software)
Definition
produit comportant des éléments numériques
(En. product with digital elements)
Definition
fabricant
(En. manufacturer)
Definition
système d’information électronique
(En. electronic information system)
Definition
traitement de données à distance
(En. remote data processing)