| (2)(e) | Protect the confidentiality of stored, transmitted or otherwise processed data, personal or other, such as by encrypting relevant data at rest or in transit by state of the art mechanisms, and by using other technical means;| 5.2, 6.2 & 6.3|
| (2)(f) | Protect the integrity of stored, transmitted or otherwise processed data, personal or other, commands, programs and configuration against any manipulation or modification not authorised by the user, and report on corruptions;| 5.1, 5.2, 5.3, 5.4, 5.7, 5.9 |
| (2)(g) | Process only data, personal or other, that are adequate, relevant and limited to what is necessary in relation to the intended purpose of the product with digital elements (data minimisation);| 5 |
| (2)(h) | Protect the availability of essential and basic functions, also after an incident, including through resilience and mitigation measures against denial-of-service attacks;| 5.1 5.2, 6.2 & 6.3 |
| (2)(h) | Protect the availability of essential and basic functions, also after an incident, including through resilience and mitigation measures against denial-of-service attacks;| 5.1, 6.2 & 6.3 |
| (2)(i) | Minimise the negative impact by the products themselves or connected devices on the availability of services provided by other devices or networks; | 5 & 6 |
| (2)(j) | Be designed, developed and produced to limit attack surfaces, including external interfaces; | 5, 6 & Annex B |
| (2)(k) | Be designed, developed and produced to reduce the impact of an incident using appropriate exploitation mitigation mechanisms and techniques; | 5, 6 & Annex B |
