What qualifies a product as Important or Critical?

[tobie]

Proposed answer:

Per Article 7 and 8, Important and Critical products are part of the product categories listed in Annex III and IV and defined in the draft implementing regulation. Product in these categories perform functions that are either:

1. critical to cybersecurity or
2. carry a significant risk of adverse effects to a large number of other products or to the the health, security or safety of their users

Note

Most products in scope of the CRA are not classified as Important or Critical.

👉 ORC WG is providing input to the draft implementing regulation.

[ilu33]

In light of the misunderstanding in #169 it should be noted that the lists in the Annexes are - at this point in time - exhaustive. And that the reasons you gave in the second sentence do not mean that anything can be added to those lists without the formal procedure described in Art. 8 no. 2 CRA. So maybe you should drop your explanation because the sole criteria is: Is it in the list or not?
Or restructure it like
Per Article 7 and 8, Important and Critical products are part of the product categories listed in Annex III and IV. These lists are exhaustive. They are further defined in the draft implementing regulation.
The commision may add further products to these lists if they perform functions that are either:
critical to cybersecurity or
carry a significant risk of adverse effects to a large number of other products or to the the health, security or safety of their users
but hasn't done so yet.