Recital 28

This Regulation lays down horizontal cybersecurity rules which are not specific to sectors or to certain products with digital elements. Nevertheless, sectoral or product-specific Union rules could be introduced, laying down requirements that address all or some of the risks covered by the essential cybersecurity requirements set out in this Regulation. In such cases, the application of this Regulation to products with digital elements covered by other Union rules laying down requirements that address all or some of the risks covered by the essential cybersecurity requirements set out in this Regulation may be limited or excluded where such limitation or exclusion is consistent with the overall regulatory framework applying to those products and where the sectoral rules achieve at least the same level of protection as the one provided for by this Regulation. The Commission should be empowered to adopt delegated acts to supplement this Regulation by identifying such products and rules. For existing Union law where such limitation or exclusion should apply, this Regulation contains specific provisions to clarify its relation with that Union law.