Euralarm statement on CRA critical products
Euralarm is looking forward to having a clear and proportionate final text of the Cyber Resilience Act. Should some products from the sectors covered by Euralarm be considered as critical Class I, we would like to attract the attention of the co-legislators on two elements that are key to us.
Wording for description of category
In case the co-legislators wish to list some kinds of security products or alarm systems in the Annex III as critical Class I category, Euralarm asks for using well defined terms. In particular, word like “smart” that appears in the compromised amendments from the European Parliament is not a defined term and can lead to various interpretations. Such a vaguely described category does not allow the industry to adequately anticipate the application of the new Regulation.
Even though we acknowledge that, according to Article 6(3), this category will be further defined by either a Delegated Act or an Implementing Act, such a complementary Act will only be available more than a year after the Entry into Force of the CRA, which leaves a very limited time to apply the required conformity assessment procedure.
We therefore ask the co-legislators to provide in the CRA a description of the category that is as clear as possible in order for our members to understand the range of products that are targeted by the European Parliament and the Council.
Preparation of either delegated Act or Implementing Act
Article 6(3) provides for complementary acts to be prepared after the Entry into Force of the CRA and defining in detail the categories of products listed in Annex III. We believe that, in addition to the experts mandated by the Member States, the contributions from the industry stakeholders placing these products on the market will help the European Commission to produce complementary acts that are well understood and interpreted and that ensure legal certainty for the industry. Such an involvement has been proofed beneficial during the process lead by DG GROW when preparing the Delegated Act under the Radio Equipment Directive and enforcing cybersecurity and privacy essential requirements.
We therefore ask the European Commission, more specifically DG CNECT, to involve the industry stakeholders in the preparation of the complementary acts foreseen by Article 6(3) of the CRA.
Download the statement here: