Cyber Resilience Act
El CRA impone requisitos obligatorios de ciberseguridad a fabricantes de productos con elementos digitales (hardware y software). Incluye obligaciones de diseño seguro, gestión de vulnerabilidades durante todo el ciclo de vida y notificación de incidentes activamente explotados.
En vigor
11 oct 2027
Articulos
71
Guias oficiales
4
Guias tecnicas y fuentes oficiales
European Commission - CRA standardisation
Estandares armonizados y solicitud M/606 para los requisitos esenciales del CRA.
ENISA - CRA implementation via EUCC technical elements
Analisis tecnico para usar EUCC como via de demostracion de conformidad CRA.
ENISA - Single Reporting Platform (SRP)
Plataforma unica de reporting para vulnerabilidades explotadas e incidentes bajo CRA.
European Commission - Cyber Resilience Act
Pagina oficial de la Comision Europea sobre CRA.
General
71Subject matter
El artículo 1 (Subject matter) establece obligaciones y criterios operativos dentro del marco DORA. This Regulation lays down: (a) rules for the making available on the market of products with digital elements to ensure the cybersecurity of such products; (b) essential cybersecurity requirements for the design, development and production of products with dig
Scope
El artículo 2 (Scope) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Definitions
El artículo 3 (Definitions) establece obligaciones y criterios operativos dentro del marco DORA. For the purposes of this Regulation, the following definitions apply: (1) ‘product with digital elements’ means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separa
Free movement
El artículo 4 (Free movement) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Procurement or use of products with digital elements
El artículo 5 (Procurement or use of products with digital elements) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Requirements for products with digital elements
El artículo 6 (Requirements for products with digital elements) establece obligaciones y criterios operativos dentro del marco DORA. Products with digital elements shall be made available on the market only where: (a) they meet the essential cybersecurity requirements set out in Part I of Annex I, provided that they are properly installed, maintained, used for their intended purpose or unde
Important products with digital elements
El artículo 7 (Important products with digital elements) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Critical products with digital elements
El artículo 8 (Critical products with digital elements) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Stakeholder consultation
El artículo 9 (Stakeholder consultation) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Enhancing skills in a cyber resilient digital environment
El artículo 10 (Enhancing skills in a cyber resilient digital environment) establece obligaciones y criterios operativos dentro del marco DORA. For the purposes of this Regulation and in order to respond to the needs of professionals in support of the implementation of this Regulation, Member States with, where appropriate, the support of the Commission, the European Cybersecurity Competence Centre an
General product safety
El artículo 11 (General product safety) establece obligaciones y criterios operativos dentro del marco DORA. By way of derogation from Article 2(1), third subparagraph, point (b), of Regulation (EU) 2023/988, Chapter III, Section 1, Chapters V and VII, and Chapters IX to XI of that Regulation shall apply to products with digital elements with respect to aspects and r
High-risk AI systems
El artículo 12 (High-risk AI systems) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Obligations of manufacturers
El artículo 13 (Obligations of manufacturers) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Reporting obligations of manufacturers
El artículo 14 (Reporting obligations of manufacturers) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Voluntary reporting
El artículo 15 (Voluntary reporting) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Establishment of a single reporting platform
El artículo 16 (Establishment of a single reporting platform) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Other provisions related to reporting
El artículo 17 (Other provisions related to reporting) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Authorised representatives
El artículo 18 (Authorised representatives) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Obligations of importers
El artículo 19 (Obligations of importers) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Obligations of distributors
El artículo 20 (Obligations of distributors) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Cases in which obligations of manufacturers apply to importers and distributors
El artículo 21 (Cases in which obligations of manufacturers apply to importers and distributors) establece obligaciones y criterios operativos dentro del marco DORA. An importer or distributor shall be considered to be a manufacturer for the purposes of this Regulation and shall be subject to Articles 13 and 14, where that importer or distributor places a product with digital elements on the market under its name or tradem
Other cases in which obligations of manufacturers apply
El artículo 22 (Other cases in which obligations of manufacturers apply) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Identification of economic operators
El artículo 23 (Identification of economic operators) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Obligations of open-source software stewards
El artículo 24 (Obligations of open-source software stewards) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Security attestation of free and open-source software
El artículo 25 (Security attestation of free and open-source software) establece obligaciones y criterios operativos dentro del marco DORA. In order to facilitate the due diligence obligation set out in Article 13(5), in particular as regards manufacturers that integrate free and open-source software components in their products with digital elements, the Commission is empowered to adopt delegated
Guidance
El artículo 26 (Guidance) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Presumption of conformity
El artículo 27 (Presumption of conformity) establece obligaciones y criterios operativos dentro del marco DORA. 1.
EU declaration of conformity
El artículo 28 (EU declaration of conformity) establece obligaciones y criterios operativos dentro del marco DORA. 1.
General principles of the CE marking
El artículo 29 (General principles of the CE marking) establece obligaciones y criterios operativos dentro del marco DORA. The CE marking shall be subject to the general principles set out in Article 30 of Regulation (EC) No 765/2008.
Rules and conditions for affixing the CE marking
El artículo 30 (Rules and conditions for affixing the CE marking) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Technical documentation
El artículo 31 (Technical documentation) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Conformity assessment procedures for products with digital elements
El artículo 32 (Conformity assessment procedures for products with digital elements) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Support measures for microenterprises and small and medium-sized enterprises, including start-ups
El artículo 33 (Support measures for microenterprises and small and medium-sized enterprises, including start-ups) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Mutual recognition agreements
El artículo 34 (Mutual recognition agreements) establece obligaciones y criterios operativos dentro del marco DORA. Taking into account the level of technical development and the approach on conformity assessment of a third country, the Union may conclude Mutual Recognition Agreements with third countries, in accordance with Article 218 TFEU, in order to promote and facilit
Notification
El artículo 35 (Notification) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Notifying authorities
El artículo 36 (Notifying authorities) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Requirements relating to notifying authorities
El artículo 37 (Requirements relating to notifying authorities) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Information obligation on notifying authorities
El artículo 38 (Information obligation on notifying authorities) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Requirements relating to notified bodies
El artículo 39 (Requirements relating to notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Presumption of conformity of notified bodies
El artículo 40 (Presumption of conformity of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. Where a conformity assessment body demonstrates its conformity with the criteria laid down in the relevant harmonised standards or parts thereof the references of which have been published in the Official Journal of the European Union it shall be presumed to c
Subsidiaries of and subcontracting by notified bodies
El artículo 41 (Subsidiaries of and subcontracting by notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Application for notification
El artículo 42 (Application for notification) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Notification procedure
El artículo 43 (Notification procedure) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Identification numbers and lists of notified bodies
El artículo 44 (Identification numbers and lists of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Changes to notifications
El artículo 45 (Changes to notifications) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Challenge of the competence of notified bodies
El artículo 46 (Challenge of the competence of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Operational obligations of notified bodies
El artículo 47 (Operational obligations of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Appeal against decisions of notified bodies
El artículo 48 (Appeal against decisions of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. Member States shall ensure that an appeal procedure against decisions of the notified bodies is available.
Information obligation on notified bodies
El artículo 49 (Information obligation on notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Exchange of experience
El artículo 50 (Exchange of experience) establece obligaciones y criterios operativos dentro del marco DORA. The Commission shall provide for the organisation of the exchange of experience between the Member States’ national authorities responsible for notification policy.
Coordination of notified bodies
El artículo 51 (Coordination of notified bodies) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Market surveillance and control of products with digital elements in the Union market
El artículo 52 (Market surveillance and control of products with digital elements in the Union market) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Access to data and documentation
El artículo 53 (Access to data and documentation) establece obligaciones y criterios operativos dentro del marco DORA. Where necessary to assess the conformity of products with digital elements and the processes put in place by their manufacturers with the essential cybersecurity requirements set out in Annex I, the market surveillance authorities shall, upon a reasoned reques
Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk
El artículo 54 (Procedure at national level concerning products with digital elements presenting a significant cybersecurity risk) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Union safeguard procedure
El artículo 55 (Union safeguard procedure) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Procedure at Union level concerning products with digital elements presenting a significant cybersecurity risk
El artículo 56 (Procedure at Union level concerning products with digital elements presenting a significant cybersecurity risk) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Compliant products with digital elements which present a significant cybersecurity risk
El artículo 57 (Compliant products with digital elements which present a significant cybersecurity risk) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Formal non-compliance
El artículo 58 (Formal non-compliance) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Joint activities of market surveillance authorities
El artículo 59 (Joint activities of market surveillance authorities) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Sweeps
El artículo 60 (Sweeps) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Exercise of the delegation
El artículo 61 (Exercise of the delegation) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Committee procedure
El artículo 62 (Committee procedure) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Confidentiality
El artículo 63 (Confidentiality) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Penalties
El artículo 64 (Penalties) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Representative actions
El artículo 65 (Representative actions) establece obligaciones y criterios operativos dentro del marco DORA. Directive (EU) 2020/1828 shall apply to the representative actions brought against infringements by economic operators of provisions of this Regulation that harm, or may harm, the collective interests of consumers.
Amendment to Regulation (EU) 2019/1020
El artículo 66 (Amendment to Regulation (EU) 2019/1020) establece obligaciones y criterios operativos dentro del marco DORA. In Annex I to Regulation (EU) 2019/1020, the following point is added: ‘72.
Amendment to Directive (EU) 2020/1828
El artículo 67 (Amendment to Directive (EU) 2020/1828) establece obligaciones y criterios operativos dentro del marco DORA. In Annex I to Directive (EU) 2020/1828, the following point is added: ‘69.
Amendment to Regulation (EU) No 168/2013
El artículo 68 (Amendment to Regulation (EU) No 168/2013) establece obligaciones y criterios operativos dentro del marco DORA. In Part C1, in the table, of Annex II to Regulation (EU) No 168/2013 of the European Parliament and of the Council ( 38 ) , the following entry is added: ‘ 16 18 protection of vehicle against cyberattacks x x x x x x x x x x x x x x ’.
Transitional provisions
El artículo 69 (Transitional provisions) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Evaluation and review
El artículo 70 (Evaluation and review) establece obligaciones y criterios operativos dentro del marco DORA. 1.
Entry into force and application
El artículo 71 (Entry into force and application) establece obligaciones y criterios operativos dentro del marco DORA. 1.