Introduction
The free circulation of products with digital elements within the European Union is a key aspect in the regulation of the digital market. This principle allows marketing and technological development without unnecessary barriers, while ensuring compliance with the cybersecurity requirements established in current regulations.
Free circulation of products with digital elements
Unrestricted marketing
Member States may not prevent the placing on the market of products with digital elements that are in conformity with this Regulation. This ensures a digital single market with a level playing field for manufacturers and technology providers.
Exhibitions and demonstrations
Products with digital elements that do not yet comply with the Regulation may be presented at fairs, exhibitions and demonstrations, provided that it is clearly indicated that they are not yet compliant and may not be marketed until they comply with the regulation.
Commercialization of software in test phase
The marketing of unfinished software is permitted provided that it is for a limited period and for testing purposes. These products must include a visible sign indicating their status and their use restricted exclusively to testing.
Exception for safety components
The Regulation establishes that safety components regulated by other Union harmonization legislation may not be placed on the market if they do not comply with the specific safety requirements established.
Requirements in public procurement
Additional cybersecurity requirements
Member States may establish additional cybersecurity requirements in the public procurement of products with digital elements, especially in strategic sectors such as defense and national security. These requirements must be compatible with EU obligations and proportionate in relation to the objectives they seek to achieve.
Evaluation in contracting processes
When Member States procure products with digital elements, they must ensure that these comply with the essential cybersecurity requirements of the Regulation. In addition, they must assess the ability of manufacturers to effectively manage vulnerabilities.
Requirements applicable to products with digital elements
Conditions for commercialization
The marketing of products with digital elements will only be allowed if:
- They comply with the essential cybersecurity requirements set forth in Annex I of the Regulation.
- They have been installed, maintained and used in accordance with their intended purpose and the necessary security updates have been implemented.
- The manufacturer’s internal processes comply with the cybersecurity standards defined in the regulations.
Important products with digital elements
Definition and classification
Products with digital elements whose main functionality falls within the categories set out in Annex III of the Regulation are considered major products with digital elements and are subject to specific conformity assessment procedures.
Classification criteria
Important products are considered to be those that:
- They perform critical cybersecurity functions, such as secure authentication, intrusion prevention or end node security.
- They may generate a significant risk of adverse effects, such as disruption to other systems or risks to the security and privacy of users.
Modifications to the list of important products
The European Commission has the power to amend the list of important products with digital elements by means of delegated acts. These modifications may include new product categories or the reclassification of existing ones. Any changes must have a transitional period of at least twelve months, except in urgent cases.
Technical implementation
By 11 December 2025, the Commission shall adopt an implementing act specifying the technical description of the relevant product categories set out in Annexes III and IV. This measure will ensure a clear and homogeneous application of the regulation in all Member States.
Conclusion
This Regulation establishes a legal framework for the free circulation and marketing of products with digital elements in the European Union, ensuring that all market players comply with cybersecurity requirements. The regulation also defines specific procedures for the most critical products, guaranteeing the security and reliability of the digital infrastructure in an increasingly interconnected environment.
