7 Amendments of Christophe GRUDLER related to 2022/0272(COD)
Amendment 177 #
Proposal for a regulation
Recital 39
Recital 39
(39) Regulation (EU) 2019/881 establishes a voluntary European cybersecurity certification framework for ICT products, processes and services. European cybersecurity certification schemes can cover products with digital elements covered by this Regulationthus provide a common framework of trust for users to use ICT products by assessing their level of cybersecurity. This Regulation should consequently create synergies with Regulation (EU) 2019/881. Regulation (EU) 2019/881 should address products with critical cybersecurity aspects and this Regulation should be dedicated to minimising the risk of incidents and cyberattacks. In order to facilitate the assessment of conformity with the requirements laid down in this Regulation, products with digital elements that are certified or for which a statement of conformity has been issued under a cybersecurity scheme pursuant to Regulation (EU) 2019/881 and which has been identified by the Commission in an implementing act, shall be presumed to be in compliance with the essential requirements of this Regulation in so far as the cybersecurity certificate or statement of conformity or parts thereof cover those requirements. The need for new European cybersecurity certification schemes for products with digital elements should be assessed in the light of this Regulation. Such future European cybersecurity certification schemes covering products with digital elements should take into account the essential requirements as set out in this Regulation and facilitate compliance with this Regulation. The Commission should be empowered to specify, by means of implementing acts, the use of European cybersecurity certification schemes that can be usedfor critical products to demonstrate conformity with the essential requirements set out in this Regulation. Furthermore, in order to avoid undue administrative burden for manufacturers, wthere applicable, the Commission should specify if a cybersecurity certificate issued under such European cybersecurity certification schemes eliminates theshould be no obligation foron manufacturers to carry out a third-party conformity assessment as provided by this Regulation for corresponding requirements where a cybersecurity certificate has been issued under such European cybersecurity certification schemes, at a substantial or high level.
Amendment 203 #
Proposal for a regulation
Recital 70 a (new)
Recital 70 a (new)
(70a) This Regulation is without prejudice to the Member States’ prerogatives to take measures safeguarding national security, in compliance with Union law. Member States should be able to apply additional measures to products with digital elements that are used for military, defence or national security purposes.
Amendment 214 #
Proposal for a regulation
Article 2 – paragraph 5
Article 2 – paragraph 5
5. This Regulation does not apply to products with digital elements developed exclusively for public security, national security, defence or military purposes or to products specifically designed to process classified information.
Amendment 254 #
Proposal for a regulation
Article 4 – paragraph 3 a (new)
Article 4 – paragraph 3 a (new)
3a. This Regulation shall not prevent Member States from applying additional measures to products with digital elements provided that such measures are proportionate and aim to safeguard products, infrastructure or processed information and provided that those specific products are used for critical system functions or critical components deployed in sectors of high criticality as set out in Annex I to Directive (EU) 2022/2555.
Amendment 279 #
Proposal for a regulation
Article 10 – paragraph 6 – subparagraph 1
Article 10 – paragraph 6 – subparagraph 1
Amendment 282 #
Proposal for a regulation
Article 10 – paragraph 6 – subparagraph 1 a (new)
Article 10 – paragraph 6 – subparagraph 1 a (new)
Manufacturers shall determine the expected product lifetime referred to in the first subparagraph of this paragraph taking into account the time users reasonably expect to be able to use the product given functionality and intended purpose and therefore can expect to receive security updates.
Amendment 366 #
Proposal for a regulation
Article 18 – paragraph 4
Article 18 – paragraph 4
4. The Commission is empowered, by means of implementing acts, to specify the European cybersecurity certification schemes adopted pursuant to Regulation (EU) 2019/881 that cano be used to demonstrate conformity of critical products with digital elements with the essential requirements or parts thereof as set out in Annex I. Furthermore, where applicable, the Commission shall specify ithe issuance of a cybersecurity certificate issued under such schemes, at substantial or high level, eliminates the obligation of a manufacturer to carry out a third-party conformity assessment for the corresponding requirements, as set out in Article 24(2)(a), (b), (3)(a) and (b). Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 51(2).