You are here: Home / Frequently Asked Questions (FAQ) / Legal FAQ collection / 
2025-10-11 - 00:45
FAQ

What is a "product with digital elements" in the scope of the CRA?

Was ist ein "Produkt mit digitalen Elementen" im Rahmen des CRA?

Answer:

The term „product with digital elements“ is a legal term that is defined in Art. 3 (1) CRA:

„‘product with digital elements‘ means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately“.

In order to understand the term, it is helpful to look at the purpose of the CRA, which is to “ensure a high level of cybersecurity of products with digital elements and their integrated remote data processing solutions” (cf. Recital 11 CRA) Therefore, a “product with digital elements” is generally to be understood very widely: it includes software, hardware, embedded software, standalone software and their components, no matter if they are provided as a single component or as part of a product.

It is often misunderstood that only software or hardware WITH remote data processing solutions are covered by the CRA (Cf. Recital 11 CRA: „Such remote data processing solutions should be defined as data processing at a distance for which the software is designed and developed by or on behalf of the manufacturer of the product with digital elements concerned, the absence of which would prevent the product with digital elements from performing one of its functions.“). However, this is not the case. The definition only states that software or hardware AND its remote data processing solutions are covered. This means that if a software or hardware falls under the CRA, its remote data processing solutions are too.

As per Recital 11 CRA:

At the same time, processing or storage at a distance falls within the scope of this Regulation only in so far as it is necessary for a product with digital elements to perform its functions. Such processing or storage at a distance includes the situation where a mobile application requires access to an application programming interface or to a database provided by means of a service developed by the manufacturer. In such a case, the service falls within the scope of this Regulation as a remote data processing solution.“

Most recent content update of this FAQ: September 2025