Skip to main content

CE Marking for Software Under the CRA: What Developers Need to Know

You've likely seen the 'CE' marking on various physical goods. With the Cyber Resilience Act, this marking becomes a reality for software products with digital elements too, including your games, apps, software components, and engines (Article 3(31), Article 29 of the CRA legal text).

Symbol of Conformity

The CE marking is your visible declaration that your software product and your associated processes (like vulnerability management) conform to all applicable EU legislation that requires it, which now includes the CRA (Article 30(1) of the CRA legal text). It signals to market surveillance authorities and users that your product meets the essential cybersecurity requirements. It's your product's passport to the EU market (Recital 36 of the CRA legal text).

How to Affix It for Software

For software, you won't physically stamp the code. Instead:

  • It can be on the EU Declaration of Conformity that accompanies the software (Article 30(1) of the CRA legal text).
  • It can be displayed on the website from which the software is downloaded or accessed, in an easily and directly accessible way (Article 30(1) of the CRA legal text; Recital 36 of the CRA legal text).
  • If your software is on physical media (like a game disc), it could be on the packaging.

Affixing the CE marking is a mandatory step before your software product can be legally placed on the EU market (Article 30(3) of the CRA legal text).

Key Takeaway

The CE marking, applied via your documentation or website, is the official stamp showing your software complies with the CRA, making it essential for legal EU market access.