Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
News
Trackers
Resources
Contact
About Us
News
Recitals
Trackers
Resources
Newsletter
Terms of Use
Privacy Notice
LinkedIn
Cyber Resilience Act

  • Data & Privacy

    • Data Act
    • Data Governance Act
    • EHDS
    • ePrivacy Directive
    • GDPR
    • GDPR Procedural Regulation

  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive

  • Cybersecurity

    • Cyber Resilience Act
    • Cybersecurity Act
    • DORA
    • NIS2

  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
CRA

Annex III. IMPORTANT PRODUCTS WITH DIGITAL ELEMENTS

  • Class I

    • (1)

      Identity management systems and privileged access management software and hardware, including authentication and access control readers, including biometric readers

    • (2)

      Standalone and embedded browsers

    • (3)

      Password managers

    • (4)

      Software that searches for, removes, or quarantines malicious software

    • (5)

      Products with digital elements with the function of virtual private network (VPN)

    • (6)

      Network management systems

    • (7)

      Security information and event management (SIEM) systems

    • (8)

      Boot managers

    • (9)

      Public key infrastructure and digital certificate issuance software

    • (10)

      Physical and virtual network interfaces

    • (11)

      Operating systems

    • (12)

      Routers, modems intended for the connection to the internet, and switches

    • (13)

      Microprocessors with security-related functionalities

    • (14)

      Microcontrollers with security-related functionalities

    • (15)

      Application specific integrated circuits (ASIC) and field-programmable gate arrays (FPGA) with security-related functionalities

    • (16)

      Smart home general purpose virtual assistants

    • (17)

      Smart home products with security functionalities, including smart door locks, security cameras, baby monitoring systems and alarm systems

    • (18)

      Internet connected toys covered by Directive 2009/48/EC of the European Parliament and of the Council that have social interactive features (e.g. speaking or filming) or that have location tracking features

    • (19)

      Personal wearable products to be worn or placed on a human body that have a health monitoring (such as tracking) purpose and to which Regulation (EU) 2017/745 or (EU) No 2017/746 do not apply, or personal wearable products that are intended for the use by and for children

  • Class II

    • (1)

      Hypervisors and container runtime systems that support virtualised execution of operating systems and similar environments

    • (2)

      Firewalls, intrusion detection and prevention systems

    • (3)

      Tamper-resistant microprocessors

    • (4)

      Tamper-resistant microcontrollers

Relevant Recitals for this Annex

© 2026 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage Cookies

© 2026 StreamLex