Delegert kommisjonsforordning (EU) 2025/1535 av 29. juli 2025 om utfylling av europaparlaments- og rådsforordning (EU) 2024/2847 med hensyn til unntak fra anvendelsen av nevnte forordning for visse produkter med digitale elementer som faller inn under virkeområdet for europaparlaments- og rådsforordning (EU) nr. 168/2013
Rammeverk for digitale produkters og tjenesters robusthet: unntak for kjøretøy i klasse L
Commission Delegated Regulation (EU) 2025/1535 of 29 July 2025 supplementing Regulation (EU) 2024/2847 of the European Parliament and of the Council with regard to an exclusion from the application of that Regulation for certain products with digital elements falling within the scope of Regulation (EU) No 168/2013 of the European Parliament and of the Council
Kommisjonsforordning publisert i EU-tidende 29.10.2025
Bakgrunn
(fra kommisjonsforordningen)
(1) Pursuant to Article (2) of Regulation (EU) 2024/2847, the application of that Regulation to products with digital elements covered by other Union rules laying down requirements that address all or some of the risks covered by the essential cybersecurity requirements set out in that Regulation may be limited or excluded where such limitation or exclusion is consistent with the overall regulatory framework applying to those products and where the sectoral rules achieve at least the same level of protection as the one provided for by that Regulation.
(2) Regulation (EU) No 168/2013 of the European Parliament and of the Council establishes the administrative and technical requirements for the type-approval of twoor three-wheel vehicles and quadricycles as categorised in that Regulation (‘Lcategory vehicles’). Commission Delegated Regulation (EU) 44/2014 establishes the detailed technical requirements and test procedures regarding vehicle construction and general requirements for the approval of L-category vehicles and the systems, components and separate technical units intended for such vehicles in accordance with Regulation (EU) No 168/2013 and sets out a list of UNECE regulations and amendments thereto. Pursuant to Article 4(1) of Delegated Regulation (EU) 44/2014, the UNECE regulations and amendments thereto set out in Annex I to that Delegated Regulation are to apply to type approval of L-category vehicles
(3) The scope of UN Regulation No 155 has been extended to include rules on cybersecurity for L-category vehicles. Therefore, Delegated Regulation (EU) 44/2014 has been amended by Commission Delegated Regulation (EU) XXXX/XXX [OP: please insert the number of C(2025) 4842] to include UN Regulation No 155 in the list of UNECE regulations applying on a compulsory basis set out in Annex I to that Delegated Regulation. L1e category vehicles designed to pedal referred to in Article 3, point (94)(b), of Regulation (EU) No 168/2013 were however excluded from the compulsory application of UN Regulation No 155. Delegated Regulation (EU) XXXX/XXX [OP: please insert the number of C(2025) 4842] is to apply to new vehicle types from 11 December 2027 and to existing vehicle types from 11 June 2029.
(4) UN Regulation No 155 introduces certain cybersecurity requirements, including on the operation of a certified cybersecurity management system, on software updates, covering organisations’ policies and processes for cybersecurity risks related to the entire lifecycle of vehicles, equipment and services. It addresses cybersecurity risks in a manner that is comparable to Regulation (EU) 2024/2487 and achieves at least the same level of protection as that Regulation. In addition, UN Regulation No 155 ensures consistency with the overall type-approval framework applying to L-category vehicles. Consequently, Regulation (EU) 2024/2847 should not apply to products with digital elements falling within the scope of Regulation (EU) No 168/2013, with the exception of L1e category vehicles designed to pedal referred to in Article 3, point (94)(b), of Regulation (EU) No 168/2013,