The EU Assurance Paradigm: CRA Conformity Assessment Procedures and Presumption of Conformity with CSA (B21a)
The CRA proposal provides horizontal cybersecurity requirements for products with digital elements and endorses the objective of improving the security of the products that are placed on the market and allow users to be aware of the cybersecurity problem. This is achieved by defining essential requirements whose compliance shall be demonstrated via a conformity assessment procedure consisting of a menu of conformity modules. The module to be used will depend on the product category, which is specified based on a risk analysis developed by the vendor. This presentation analyzes the CRA – Art 24 conformity assurance procedures based on NLF- Decision 768/2008/EC and the CRA – Article 18 Presumption of conformity based on EU CSA certification schemes and concludes with the potential perception of the security that consumers could have of products placed on the European market.