This Regulation establishes the circumstances, formats and procedures for notifications of conformity assessment bodies by national cybersecurity certification authorities (NCCAs) pursuant to Article 61(1) of Regulation (EU) 2019/881.
資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex
Commission Implementing Regulation (EU) 2024/3143 of 18 December 2024 establishing the circumstances, formats and procedures for notifications pursuant to Article 61(5) of Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification
1. In accordance with Article 61(1) of Regulation (EU) 2019/881, the NCCAs shall notify the Commission of the conformity assessment bodies which have satisfied the requirements laid down in Regulation (EU) 2019/881 and, where applicable, the specific or additional requirements under a European cybersecurity certification scheme.
2. The NCCA shall notify the Commission using the electronic notification tool developed and managed by the Commission, as referred to in Decision No 768/2008/EC.
3. The notification shall include the information set out in the Annex.
1. The Commission shall assign an identification number to a notified conformity assessment body. It shall assign a single identification number even where the body is notified under several European cybersecurity certification schemes or Union acts.
2. When making the list of the notified conformity assessment bodies available on the electronic notification tool developed and managed by the Commission, the Commission shall include the identification numbers that have been allocated to the notified conformity assessment bodies and the activities for which they have been notified.
3. ENISA shall make the information regarding the notified conformity assessment bodies available on its dedicated website on European cybersecurity certification schemes referred to in Article 50(1) of Regulation (EU) 2019/881.
1. The NCCAs shall notify the Commission of any subsequent changes to the notification referred to Article 2 via the electronic notification tool developed and managed by the Commission without undue delay, in accordance with Article 61(1) of Regulation (EU) 2019/881.
2. Where a NCCA has ascertained, in cooperation with the national accreditation body, as provided for in Regulation (EU) 2019/881, that a notified conformity assessment body no longer meets the requirements or obligations to which it is subject, the NCCA shall restrict, suspend or withdraw the notification as appropriate, depending on the seriousness of the failure to meet those requirements or fulfil those obligations. It shall inform the Commission accordingly via the electronic notification tool developed and managed by the Commission without undue delay.
3. In the event of restriction, suspension or withdrawal of notification, or where the notified conformity assessment body has ceased its activity, the notifying NCCA shall take appropriate steps to ensure that the records of that conformity assessment body are stored in a secure manner and kept for the necessary period, as prescribed under a European cybersecurity certification scheme.
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .
Schedules & Appendices
ANNEX
Information to be included in the notification of a conformity assessment body under a European cybersecurity certification scheme pursuant to Article 61(1) of Regulation (EU) 2019/881, as referred to in Article 2(3) of this Regulation
1.
General information:
(1)
Title of the cybersecurity certification scheme
(2)
Assurance level(s), where applicable, and related conformity assessment procedures (e.g. basic, substantial, high)
(3)
Scope (e.g. accreditation scope, categories or types of products, services, processes)
2.
Information on the notifying national cybersecurity certification authority:
(1)
Name
(2)
Country
(3)
Postal address
(4)
Email address(es)
(5)
Phone number(s)
(6)
Website
3.
Information on the conformity assessment body being notified:
(1)
Name
(2)
Country
(3)
Postal address
(4)
Email address(es)
(5)
Phone number(s)
(6)
Website
4.
Information on the accreditation:
(1)
Accreditation:
(a)
Date of the accreditation
(b)
Reference number of the accreditation
(c)
Scope of the accreditation
(d)
Duration of validity of the accreditation
(2)
National accreditation body:
(a)
Name
(b)
Country
(c)
Postal address
(d)
Email address(es)
(e)
Phone number(s)
(f)
Website
5.
Information on the authorisation (if applicable):
(1)
Authorisation:
(a)
Date of the authorisation
(b)
Reference number of the authorisation
(c)
Scope of the authorisation
(d)
Duration of validity of the authorisation
(2)
Authorising national cybersecurity authority (if different from the notifying national cybersecurity certification authority):
(a)
Name
(b)
Country
(c)
Postal address
(d)
Email address(es)
(e)
Phone number(s)
(f)
Website
6.
Additional information:
(1)
Any additional information required in a specific European cybersecurity certification scheme
(2)
Any supporting documents
Cite this act
Commission Implementing Regulation (EU) 2024/3143 of 18 December 2024 establishing the circumstances, formats and procedures for notifications pursuant to Article 61(5) of Regulation (EU) 2019/881 of the European Parliament and of the Council on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32024R3143
© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.
本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com