Summary

This article outlines the specific responsibilities and powers of national authorities in enforcing the EU Cyber Resilience Act (CRA), detailing their role in monitoring, enforcement actions, and collaboration with other entities to maintain cyber resilience.

Relevant CRA Provisions

Detailed Explanation

National authorities play a crucial role in enforcing the CRA by ensuring compliance with cybersecurity requirements for products with digital elements. These authorities are responsible for designating notifying authorities, which assess and notify conformity assessment bodies. They must ensure that these bodies operate without conflicts of interest and maintain objectivity and impartiality. National authorities also conduct market surveillance, including coordinated control actions (sweeps) to check compliance and detect infringements. They have the power to impose administrative fines for non-compliance, with the amount determined based on the nature and gravity of the infringement, the size of the economic operator, and other relevant circumstances. Collaboration with entities like ENISA is essential for effective implementation and enforcement of the CRA.

Obligations for Stakeholders

National Authorities: Must designate notifying authorities, conduct market surveillance, impose administrative fines for non-compliance, and collaborate with other entities like ENISA.

Notifying Authorities: Responsible for assessing, designating, and notifying conformity assessment bodies, ensuring no conflicts of interest, maintaining objectivity, and safeguarding confidentiality.

Market Surveillance Authorities: Conduct sweeps, use investigation powers, impose administrative fines, and cooperate with other Member States and the Commission.

Economic Operators: Must cooperate with market surveillance authorities and other competent authorities, ensuring compliance with the CRA’s requirements.