Summary

The Cyber Resilience Act (CRA) facilitates international trade by enabling the Union to conclude Mutual Recognition Agreements (MRAs) with third countries, promoting harmonized cybersecurity standards and reducing barriers for foreign manufacturers.

Relevant CRA Provisions

Recitals: Recital (123)

Articles: Article 34

Detailed Explanation

Recital (123) highlights the Union’s efforts to promote international trade in regulated products through various measures, including Mutual Recognition Agreements (MRAs) for conformity assessment. These agreements are established between the Union and third countries that have a comparable level of technical development and a compatible approach to conformity assessment. MRAs are based on the mutual acceptance of certificates, marks of conformity, and test reports issued by conformity assessment bodies of either party, in accordance with the other party’s legislation. The CRA allows for the conclusion of MRAs concerning conformity assessment for products regulated under this Regulation, in line with Article 218 TFEU. This cooperation with third countries is crucial for strengthening global cyber resilience and enhancing the cybersecurity framework both within and outside the Union.

Article 34 authorizes the Union to conclude MRAs with third countries, taking into account their level of technical development and approach to conformity assessment. This provision aims to promote and facilitate international trade by recognizing the conformity assessment procedures of third countries, thereby reducing the need for redundant testing and certification processes.

Obligations for Stakeholders

Manufacturers: Foreign manufacturers must ensure their products with digital elements comply with the essential cybersecurity requirements of the CRA. They should be prepared to engage in conformity assessment procedures recognized under any MRAs concluded by the Union.

Importers: Importers of products with digital elements from third countries must verify that the products comply with the CRA’s requirements and that the manufacturer has followed the appropriate conformity assessment procedures. They should also be aware of any MRAs that may apply to the products they import.

Distributors: Distributors should ensure that the products they offer are compliant with the CRA, especially if they place products on the market under their name or trademark, in which case they may be considered manufacturers under Article 21.

Market Surveillance Authorities: These authorities should cooperate with their counterparts in third countries to facilitate the implementation of MRAs and ensure the consistent application of cybersecurity standards across borders.