Commit 3e8c10c0 authored by Santeri Toikka

Generic list of out-of-scope based on CRA

parent 8ce570a2
+17 −0
@@ -218,6 +218,23 @@ For the purposes of the present document, the [following] abbreviations [given i

_List uses/environments covered by other legislation or standards (critical, industrial, medical, etc.). Hoping to have a reusable generic list of these soon._

The types of product with digital elements listed in the section do not fall within the scope of the the Regulation (EU) 2024/2847 (Cyber Resilience Act), and are not covered by this standard:

1. Services, except for the remote data processing solutions for a covered product as defined in CRA recitals 11-12; article 3, 2 <a name="_ref_i.1">[i.1]</a>;
2. Products specifically designed or procured for national security and defence purpose as defined in CRA recitals 14 and 26; article 2, 7-8 <a name="_ref_i.1">[i.1]</a>;
3. Products developed for or used exclusively for internal use by public administration as defined in CRA recital 16; article 5, 2 <a name="_ref_i.1">[i.1]</a>;
4. Non-commercial free and open source software as defined in CRA recitals 17-21; article 13, 5 <a name="_ref_i.1">[i.1]</a>;
5. Medical Devices and Software as defined in CRA recital 25; article 2, 2 [a-b] <a name="_ref_i.1">[i.1]</a>;
6. Vehicles, including aviation and marine equipment as defined in CRA recital 27; article 2, 2.c "vehicles"; recital 27; article 2, 3 "aviation"; article 2, 4 "marine equipment" <a name="_ref_i.1">[i.1]</a>;
7. Spare and used parts as defined in CRA recital 29; article 2, 6 <a name="_ref_i.1">[i.1]</a>;
8. Refurbished, repaired, and upgraded products that have not been substantially modifiedas defined in recitals 39 - 42 <a name="_ref_i.1">[i.1]</a>;

The following types of products have reduced or varied requirements under Regulation (EU) 2024/2847 (Cyber Resilience Act) <a name="_ref_i.1">[i.1]</a> and can only be partially covered by this standard.

9. High Risk AI as defined in CRA recital 51; article 12 <a name="_ref_i.1">[i.1]</a>;
10. Testing and unfinished versions as defined in recital 37; Article 4, 2-3 <a name="_ref_i.1">[i.1]</a>;
11. Products Placed on the Market Prior to December 11, 2027 as defined in CRA article 69 <a name="_ref_i.1">[i.1]</a>.

## 4.2 Product overview and architecture

_Explain the overall architecture and relationship among the parts of the products. Use diagrams if that is helpful._
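
Review bot: Each of the eleven added list items, and the paragraph before item 9, cites the regulation as `<a name="_ref_i.1">[i.1]</a>`, which defines the anchor `_ref_i.1` again every time (twelve definitions in this hunk) instead of linking to it; define the anchor once at the reference entry and cite it here with a link to `#_ref_i.1`. The intro sentence says the listed product types "do not fall within the scope", yet items 9 to 11 continue the same numbering under a paragraph that calls them only partially covered, so restart the numbering or split the two lists under separate labels to keep the out-of-scope claim from reading onto them. Wording fixes: "the the Regulation" in the intro sentence, "modifiedas" in item 8, "recital 27" given twice in item 6, the missing "CRA" prefix in items 8 and 10, and "Article" capitalised only in item 10. The italic placeholder above the list ("Hoping to have a reusable generic list of these soon") is left in place as context; if this list is meant to be that generic list, drop the placeholder in the same commit.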