Quilnett

CRA-13-4: Inclusion of cybersecurity risk assessment in technical documentation

Mandatory

Requirement:

When placing a product with digital elements on the market, the manufacturer shall include the cybersecurity risk assessment referred to in paragraph 3 of this Article in the technical documentation required pursuant to Article 31 and Annex VII. For products with digital elements as referred to in Article 12, which are also subject to other Union legal acts, the cybersecurity risk assessment may be part of the risk assessment required by those Union legal acts. Where certain essential cybersecurity requirements are not applicable to the product with digital elements, the manufacturer shall include a clear justification to that effect in that technical documentation.

Standards

CRA-13-4: Inclusion of cybersecurity risk assessment in technical documentation

Mandatory

Requirement:

Guidance: