Harmonized standards play a central role in CRA compliance. They provide a presumption of conformity and significantly simplify the assessment process. Here is everything you need to know.

1. What is a Harmonized Standard?

A harmonized standard is a European standard adopted at the request of the European Commission. For the CRA, applying these standards gives a presumption of conformity to the essential requirements. If you apply harmonized standards, authorities presume your product is compliant.

2. Key CRA Standards

  • ETSI EN 303 645: Cybersecurity for consumer IoT devices, covering authentication, updates, and privacy
  • ISO/IEC 27001: Information security management systems
  • ISO/IEC 27036: Supplier relationships security
  • ISA/IEC 62443: Industrial automation and control systems cybersecurity

3. Using Harmonized Standards

  1. Identify applicable standards for your product category
  2. Document their application in your technical file (Annex VII)
  3. Demonstrate conformity point by point in your EU Declaration
  4. Retain evidence of testing, analysis, and verification performed

4. Special Cases

No harmonized standard: Use other technical specifications or demonstrate conformity through notified body assessment.

Partial coverage: A standard may only cover part of the requirements. Complement with other standards or specifications.

5. Standard Updates

The European Commission regularly publishes updates in the Official Journal of the EU. Expert CRA keeps you informed of regulatory developments.

Applying harmonized standards is the simplest and most cost-effective way to demonstrate CRA compliance. Do not overlook them in your technical documentation.