Article 24 specifies the requirements that conformity assessment bodies must meet before a member state can notify them to the European Commission for CRA purposes. It establishes the competence, independence, and impartiality criteria that notified bodies must demonstrate, and the ongoing obligations they bear once notified. For manufacturers, understanding Article 24 helps in evaluating whether a potential assessment body genuinely qualifies to conduct CRA conformity assessments.
Requirements for Notified Body Qualification
Article 24 sets out the requirements that conformity assessment bodies must satisfy to be notified under the CRA. These requirements cover:
Legal establishment: The body must be established under the law of an EU member state and have legal personality — it must be a formal legal entity, not an informal group.
Independence: The body must be independent from the organisations it assesses. Specifically, it must not be the manufacturer, the manufacturer's supplier, customer, or economic partner in ways that could compromise objectivity. Employees of the body must not have been involved in the design, production, or marketing of products they assess.
Technical competence: The body must have the expertise, facilities, and equipment necessary to perform the conformity assessment tasks for which it seeks notification. For CRA assessments, this requires genuine cybersecurity expertise and the technical capability to evaluate security properties against the Annex I requirements.
Financial stability: The body must have sufficient financial resources to perform assessment activities professionally and to carry liability for assessments conducted.
Impartiality and Conflict of Interest Controls
Article 24 places strong emphasis on impartiality. Notified bodies must be structured and managed in a way that ensures their assessments are not influenced by commercial, financial, or other pressures from the organisations being assessed.
Key impartiality requirements include:
- Assessment fees must not depend on the result of the assessment
- Assessors must disclose potential conflicts of interest and recuse themselves where such conflicts exist
- The body must have documented procedures for managing conflicts of interest
- Senior personnel must not simultaneously hold positions in organisations whose products they assess
These requirements reflect the critical role that notified bodies play in the EU market surveillance system. An assessment that is compromised by commercial pressure provides false assurance to regulators and consumers and undermines the entire CE marking system.
Accreditation as Evidence of Qualification
Article 24 recognises accreditation by a national accreditation body as the primary mechanism for demonstrating that a conformity assessment body meets the notification requirements. Accreditation under ISO/IEC 17065 (for product certification bodies) or ISO/IEC 17020 (for inspection bodies) against the CRA-relevant scope provides a presumption that the body meets the competence and impartiality requirements.
National accreditation bodies are designated under Regulation (EC) 765/2008 and are members of the European co-operation for Accreditation (EA). They conduct assessments of conformity assessment bodies through peer-reviewed processes that are internationally recognised.
Manufacturers selecting a notified body for CRA assessments should request confirmation of the body's accreditation scope and verify that the scope covers CRA-relevant assessment activities. Accreditation scope documents are typically publicly available from the accreditation body.
Ongoing Obligations of Notified Bodies
Once notified, bodies bear ongoing obligations under Article 24 and related provisions. These include:
Continuous qualification: Notified bodies must maintain the competence, impartiality, and financial stability that led to their notification. Significant changes — such as mergers, ownership changes, or loss of accreditation — must be reported to the notifying authority.
Transparency: Notified bodies must participate in coordination activities with other notified bodies and the Commission to ensure consistent application of assessment standards across the EU.
Record keeping: Bodies must maintain records of all assessments conducted, including the documentation reviewed, the testing performed, the findings made, and the certificates issued or refused. These records must be available to authorities on request.
Communication of non-compliance: Where a notified body finds non-compliance during an assessment, it must refuse to issue a certificate and inform the national authority. It may not issue a certificate conditional on the manufacturer correcting deficiencies without a reassessment.
Subsidiary Bodies and Subcontracting
Article 24 addresses the circumstances under which notified bodies can use subsidiary bodies or subcontract assessment activities. Subcontracting is permitted in limited circumstances where the subcontracted activity involves specialist expertise not available in-house, and where the notified body retains full responsibility for the subcontracted work.
Manufacturers should be aware that if their notified body subcontracts significant portions of the assessment, they should verify that the subcontractor meets equivalent competence standards. Subcontractors' work counts as the notified body's work for the purposes of the assessment certificate, but the notified body cannot excuse assessment failures by pointing to the subcontractor's errors.
Manufacturers should ask notified bodies to disclose any planned subcontracting at the assessment engagement stage and to confirm the qualifications of proposed subcontractors.
CVD Portal helps you comply with Article 24 automatically.
Public submission portal, 48-hour acknowledgment tracking, Article 14 deadline alerts, and CSAF advisory generation. Free forever.
Start your free portalFrequently asked
How can I verify that a conformity assessment body is genuinely notified under the CRA?+
Check the NANDO database at ec.europa.eu/growth/tools-databases/nando. Search for the CRA regulation and confirm that the body appears with an active notification status. NANDO includes each body's notification number, scope, contact details, and notification date. Do not rely solely on the body's own marketing claims — verify directly in NANDO.
Can a notified body refuse to assess my product?+
Yes. Notified bodies are not obligated to accept all assessment requests. They may decline where they lack the relevant technical expertise, have a conflict of interest with the manufacturer, or where the product falls outside their notification scope. However, a blanket refusal based on commercial factors (for example, the assessment fee is too low) may be inconsistent with their obligations.
What happens if a notified body makes an error in my assessment?+
If an assessment error results in an incorrect certificate being issued, and this leads to a non-compliant product entering the market, both the manufacturer and the notified body may face regulatory consequences. Manufacturers bear primary regulatory responsibility, but notified bodies can face liability for assessment negligence. This is one reason why manufacturers should review assessment reports critically and seek clarification on any findings before accepting a certificate.
Are there CRA-specific notified bodies separate from other CE marking notified bodies?+
Notified bodies are notified for specific regulatory scopes. A body notified under the Radio Equipment Directive is not automatically notified under the CRA — it must be separately assessed and notified for CRA activities. Some bodies may be notified under multiple regulations. Always verify the specific CRA notification in NANDO, not just whether the body has general CE marking experience.
Need a CVD policy that satisfies Article 24?
Download a free CRA-compliant template and deploy it in minutes.