Recital 90

In order to allow economic operators to demonstrate conformity with the essential cybersecurity requirements set out in this Regulation and to allow market surveillance authorities to ensure that products with digital elements made available on the market comply with those requirements, it is necessary to provide for conformity assessment procedures. Decision No 768/2008/EC of the European Parliament and of the Council establishes modules for conformity assessment procedures in proportion to the level of risk involved and the level of security required. In order to ensure inter-sectoral coherence and to avoid ad-hoc variants, conformity assessment procedures adequate for verifying the conformity of products with digital elements with the essential cybersecurity requirements set out in this Regulation should be based on those modules. The conformity assessment procedures should examine and verify both product and process-related requirements covering the whole lifecycle of products with digital elements, including planning, design, development or production, testing and maintenance of the product with digital elements.