02 Jul 2026
by Martin Franke

Euralarm recommends objecting to the scope of draft prEN 40000-10

Euralarm recommends expressing a strong objection to the current scope of draft prEN 40000-10 which threatens to undermine the free choice of standards for demonstrating compliance with CRA essential requirements for fire safety and security products in the default category

Euralarm has published an Approved Recommendation. Euralarm recommends objecting to the scope of draft prEN 40000-10 prepared by CEN/TC 224 in the context of the CRA.

CEN/TC 224 has been requested by the European Commission to draft a harmonised standard supporting the Cyber Resilience Act (CRA) for the category of important products “Identity management systems and privileged access management software and hardware, including authentication and access control readers, including biometric readers”. That standard is supposed to cover products that are placed on the EU market with that functionality being its core functionality.

However, the draft currently under public enquiry is extending the scope beyond that core functionality and explicitly lists as examples “anti-intrusion systems” (meaning intrusion alarm systems) and “CCTV” (meaning Video Surveillance Systems). Moreover, the annexes explicitly list all the components of fire detection systems, intrusion detection systems and video surveillance systems.

This anomaly was detected in November last year and a discussion occurred in January between representatives of CLC/TC 79, CEN/TC 72, IEC/TC 79, CCMC and the European Commission (DG Connect) with the rapporteur for that standard. The rapporteur committed to remove all references to fire detection systems, intrusion detection systems and video surveillance systems. This commitment did not actually produce the expected effect. Besides the fact that the legal basis for such an extended scope may be open to interpretation under the CRA framework, it poses a risk of confusion in the market: the current draft scope and technical content include products that are in the default category of the CRA and for which the manufacturer is supposed to have some freedom in choosing the standard for demonstrating conformity. If the standard is published with those contentious elements, the market could consider it to be “the state of the art” for alarm systems. Considering that this document has been drafted without giving to the relevant TC’s (CLC/TC 79, CEN/TC 72) the opportunity to provide their expertise, this draft standard cannot be considered as state of the art for those products. The fact that there are obvious  errors in the language used to name the systems and products demonstrates a lack of expertise from alarm sector in the TC224 working group). A confusing message to the market and inconsistent language should definitely be avoided.

Read the full recommendation here.