Article 26 Regulation (EU) 2024/2847 · Chapter II 法規 (EU) 2024/2847 · 第二章
Guidance 指導
The Commission issues guidance to facilitate consistent application of CRA — covering scope, support periods, important products, substantial modification, SME application, and free movement. 執委會發布指導以促進 CRA 一致適用,涵蓋範圍、支援期間、重要產品、實質修改、中小企業適用、自由流通。
Block 1 · Official text 區塊 1 · 官方條文
What the Regulation actually says 條文實際怎麼寫
Source. From Regulation (EU) 2024/2847, OJ L 2024/2847 (20 Nov 2024). Translation unofficial; refer to EUR-Lex for binding text. 來源。節錄自《法規 (EU) 2024/2847》,OJ L 2024/2847(2024 年 11 月 20 日)。中文為非官方翻譯;強制適用條文請見 EUR-Lex。
1. In order to facilitate implementation and ensure the consistency of such implementation, the Commission shall issue guidelines to assist economic operators in the application of this Regulation, paying particular attention to facilitating compliance by microenterprises and small and medium-sized enterprises, including start-ups. Such guidelines shall cover at least the following matters:
(a) the scope of this Regulation, in particular as regards remote data processing solutions and free and open-source software;
(b) the application of substantial modification as referred to in Article 3, point (30);
(c) the determination of the support period by manufacturers pursuant to Article 13(8);
(d) the interplay of this Regulation with other Union law and the application of conformity assessment procedures as set out in Annex VIII;
(e) the application of the obligations of importers and distributors;
(f) the application of Article 14, in particular regarding reporting obligations of manufacturers, including the use of the single reporting platform referred to in Article 16;
(g) the application of Article 24 on the obligations of open-source software stewards;
(h) the practical application of provisions related to important and critical products.
2. When issuing the guidelines referred to in paragraph 1, the Commission shall consult the relevant stakeholders.
1. 為促進實施並確保實施之一致性,執委會應發布指導、協助經濟經營者適用本法規,並特別注意促進微型及中小型企業(含新創企業)之合規。該等指導應至少涵蓋下列事項:
(a) 本法規之範圍,特別是遠端資料處理解決方案與自由及開源軟體;
(b) 第 3 條第 (30) 款所指實質修改之適用;
(c) 製造商依第 13(8) 條決定支援期間;
(d) 本法規與其他歐盟法律之互動、以及附件八所定合規評鑑程序之適用;
(e) 進口商與經銷商義務之適用;
(f) 第 14 條之適用、特別是製造商之通報義務、含第 16 條所指單一通報平台之使用;
(g) 關於開源軟體 steward 義務之第 24 條之適用;
(h) 與重要產品及關鍵產品有關規定之實務適用。
2. 執委會發布第 1 項所指指導時、應諮詢相關利害關係人。
Block 2 · Plain language 區塊 2 · 白話解讀
Why Commission guidance matters more than the regulation text — for SMEs especially 為什麼執委會指引比法規條文更重要,對 SME 尤甚
Article 26 is the article that mandates the Commission to issue guidelines clarifying CRA application — particularly for SMEs and microenterprises. The 2026 published draft Commission Guidance (the first publicly available draft) is the first authoritative interpretation of multiple ambiguous CRA provisions. For APAC manufacturers, especially smaller exporters, this guidance is more operationally consequential than the regulation text itself.
Mandatory topics in the guidance. Article 26(1) specifies at least the following topics: scope of CRA (especially remote data processing solutions and FOSS); substantial modification (Article 3(30)) including software updates; manufacturer obligations under Articles 13 / 14; obligations of importers and distributors; applicable conformity assessment procedures; vulnerability handling under Annex I Part II; relationship between CRA and other Union law. The 2026 published draft addresses all of these with concrete examples — the FOSS section alone covers 16 worked examples.
Guidance is not legally binding — but operationally decisive. Article 26 guidance does not have the legal force of a delegated act or implementing regulation. But Member State market surveillance authorities, NBs, and courts give it heavy weight. In practice: an APAC manufacturer who follows the Commission guidance in good faith has a strong defence against enforcement action. An APAC manufacturer who ignores the guidance and does something different has the burden of proof.
The SME focus is structural. Article 26(1) explicitly says guidance shall pay "particular attention to facilitating compliance by microenterprises and small and medium-sized enterprises, including start-ups". This is operationally significant — many APAC ICT exporters technically meet EU SME thresholds (under 250 employees, turnover under €50M). They benefit from the SME-tailored guidance: simplified record-keeping, proportionate documentation, lower-cost conformity assessment paths.
Guidance evolves — track the version. Article 26(2) lets the Commission update guidance as needed. The 2026 published draft is a draft; the final adopted version may differ. APAC manufacturers should track Commission consultation cycles and align internal interpretation with the latest published version. Bookmarking the EUR-Lex CRA Guidance page and re-checking every 6 months is the minimum cadence.
第 26 條義務執委會發布指引、釐清 CRA 適用,特別針對 SME 與微型企業。2026 公開草案版執委會指引(首次公開可取得草案)是多項 CRA 模糊條文的首次權威解釋。對 APAC 製造商、尤其小型出口商、這份指引在營運上比法規條文本身更有後果。
指引中的強制主題。第 26(1) 條列舉至少下列主題:CRA 範圍(特別是遠端資料處理解決方案與 FOSS);實質修改(第 3(30) 條)包含軟體更新;第 13 / 14 條下的製造商義務;進口商與經銷商義務;適用之合規評鑑程序;附件一第二部分弱點處理;CRA 與其他歐盟法律的關係。2026 公開草案以具體範例處理全部,光 FOSS 一節就涵蓋 16 個操作範例。
指引不具法律拘束力,但在營運上是決定性的。第 26 條指引不具授權行為或實施法規的法律強制力。但會員國市場監督機關、指定機構、法院給它重大份量。實務上:善意遵循執委會指引的 APAC 製造商、對執法行動有強防禦。忽略指引而做不同的事的 APAC 製造商、承擔舉證責任。
SME 焦點是結構性的。第 26(1) 條明文指引應「特別注意促進微型與中小企業(含 startups)合規」。這在營運上意義重大,許多 APAC ICT 出口商在技術上符合 EU SME 門檻(不到 250 名員工、營業額不到 5,000 萬歐元)。他們受益於針對 SME 客製的指引:簡化紀錄、相稱文件、較低成本的合規評鑑路徑。
指引會演進,追蹤版本。第 26(2) 條讓執委會視需要更新指引。2026 公開草案是草案;最終通過的版本可能不同。APAC 製造商應追蹤執委會諮詢循環、把內部解讀對齊到最新發布版本。把 EUR-Lex CRA 指引頁面加書籤、每 6 個月重新查看、是最低頻率。
Block 3 · APAC perspective 區塊 3 · APAC 觀點
Article 26 guidance and APAC SME exporters' compliance economics 第 26 條指引跟 APAC SME 出口商的合規經濟學
A large share of APAC ICT exporters are SMEs by EU definition. Taiwan has thousands of ICT SMEs producing networking gear, IoT modules, embedded systems. Japan has many specialised industrial automation SMEs. Korea has consumer electronics SMEs. For these vendors, Article 26 guidance is the door to lower compliance cost — but only if they read it.
APAC ICT 出口商中很大比例按 EU 定義是 SME。台灣有數千家做網通設備、IoT 模組、嵌入式系統的 ICT SME。日本有許多特定領域工業自動化 SME。韓國有消費電子 SME。對這些廠商、第 26 條指引是降低合規成本的門,但前提是他們去讀。
Key 2026 guidance interpretations that APAC SME exporters should know:
APAC SME 出口商應知道的 2026 公開草案指引關鍵解釋:
| Topic主題 | 2026 guidance interpretation2026 公開草案指引解釋 | APAC SME impactAPAC SME 影響 |
|---|---|---|
| FOSS placing on market criteriaFOSS 投入市場標準 | 16 worked examples; community projects with no monetisation typically out of scope; foundations or companies distributing FOSS commercially in scope.16 個操作範例;無貨幣化的社群計畫通常範圍外;商業性分發 FOSS 的基金會或公司在範圍內。 | APAC SMEs that bundle internal-use FOSS into their commercial products are NOT FOSS contributors — they are PwDE manufacturers under Article 13.把內部使用 FOSS 捆進商業產品的 APAC SME 不是 FOSS 貢獻者,是第 13 條下的具數位元素產品製造商。 |
| Software steward scopeSoftware steward 範圍 | Legal persons only (not natural persons); "under responsibility" = publishing + distribution control. Hobbyist GitHub maintainers are not stewards.僅法人(不含自然人);「在責任下」=發布 + 分發控制。業餘 GitHub 維護者不是 stewards。 | Asian corporate FOSS contributors (e.g., Samsung kernel maintainers) are stewards under Article 24; individual Taiwan / Japan kernel hackers are not.亞洲企業 FOSS 貢獻者(如 Samsung kernel 維護者)在第 24 條下是 stewards;個別台 / 日 kernel 駭客不是。 |
| Substantial modification + software updates實質修改 + 軟體更新 | Software updates can constitute substantial modification when they affect Annex I Part I compliance or change intended use. Routine security patches typically do NOT.軟體更新影響附件一第一部分合規或改變預期用途時、可構成實質修改。常規安全修補通常不構成。 | APAC SMEs delivering routine security updates have predictable scope; major feature updates need re-assessment.推送常規安全更新的 APAC SME 範圍可預測;重大功能更新需要重新評鑑。 |
| Remote Data Processing Solutions (RDPS) scope遠端資料處理解決方案範圍 | RDPS in scope when functionally necessary to PwDE; pure analytics / telemetry that doesn't affect product function may not be.對具數位元素產品功能必要時 RDPS 在範圍;不影響產品功能的純分析 / 遙測可能不在。 | APAC IoT SMEs with cloud companion services should classify each cloud service: critical-path (in scope) vs ancillary (out of scope).具雲端伴隨服務的 APAC IoT SME 應分類每個雲端服務:關鍵路徑(在範圍)vs 周邊(範圍外)。 |
| Conformity assessment for important / critical products重要 / 關鍵產品合規評鑑 | Module A (self-assessment) for default products; Module B+C or H for important / critical when no harmonised standard fully covers Annex I.預設產品 Module A(自我評鑑);無調和標準完全涵蓋附件一時、重要 / 關鍵產品 Module B+C 或 H。 | SMEs in default category save substantial NB costs; SMEs with important / critical SKUs need NB engagement budget.在預設類別的 SME 節省大筆 NB 成本;有重要 / 關鍵 SKU 的 SME 需要 NB 介入預算。 |
A practical operational suggestion for APAC SME ICT exporters: treat the 2026 Commission guidance as your primary CRA reference, not the regulation text. The regulation gives you the legal anchor; the guidance gives you the operational interpretation. Cross-reference both, but if you have to pick one document to print and circulate to the engineering team — pick the guidance.
給 APAC SME ICT 出口商的實務營運建議:把 2026 公開草案版執委會指引當成主要 CRA 參考、而不是法規條文。法規給法律錨點;指引給營運解讀。兩者交叉參照、但如果只能選一份印出來給工程團隊,選指引。
A second strategic point: the Article 26 guidance is the regulatory equivalent of an FAQ — it answers questions that arose during the consultation period. APAC trade associations (TAITRA, KITA, JEITA) should monitor Commission consultation periods and submit SME-perspective input. The 2026 published draft draws partly on US, EU SME industry submissions; APAC voice in the next revision is achievable if there is coordinated industry engagement.
第二個策略點:第 26 條指引是 FAQ 的法規等價物,它回答諮詢期間出現的問題。APAC 貿易協會(TAITRA、KITA、JEITA)應監控執委會諮詢期、提交 SME 觀點輸入。2026 公開草案部分取材於美 / 歐 SME 業界提交;下次修訂中、若有協調的業界投入、APAC 聲音是可達成的。
Block 4 · Cross-regulation map 區塊 4 · 跨法規對照
Commission guidance instruments across EU regulatory regimes EU 法規制度中的執委會指引工具
Commission guidance is a familiar instrument in EU product regulation. Multiple parallel regimes have similar guidance structures. APAC manufacturers familiar with one set can transfer the reading skills. 執委會指引是 EU 產品法規中熟悉的工具。多個平行制度有類似的指引結構。熟悉一組的 APAC 製造商可以轉用閱讀能力。
MDR / IVDR — MDCG guidance documentsMDR / IVDR:MDCG 指引文件
Medical Device Coordination Group (MDCG) issues guidance on MDR application. The MDCG library has 100+ documents covering everything from clinical evaluation to post-market surveillance. Pattern: not legally binding but operationally definitive. APAC medical device manufacturers familiar with MDCG navigate Commission guidance under CRA easily.
醫療器材協調組(MDCG)就 MDR 適用發布指引。MDCG 文件庫有 100+ 份文件、涵蓋從臨床評鑑到上市後監督。模式:不具法律強制力但營運上具決定性。熟悉 MDCG 的 APAC 醫療器材製造商容易掌握 CRA 下的執委會指引。
RED — RED Compliance Association guidance + Blue GuideRED:RED 合規協會指引 + 藍皮書
The Commission Blue Guide on the implementation of EU product rules covers all NLF regimes including RED. RED-specific guidance comes from RED Compliance Association and Commission RED guidance documents. APAC radio equipment manufacturers familiar with these can read CRA Article 26 guidance with the same reading approach.
執委會關於歐盟產品規則實施的藍皮書涵蓋所有 NLF 制度含 RED。RED 特定指引來自 RED 合規協會跟執委會 RED 指引文件。熟悉這些的 APAC 無線電設備製造商、可以用同樣的閱讀方法讀 CRA 第 26 條指引。
EU AI Act 2024/1689 Article 96 — guidance with comparable structureEU AI Act 2024/1689 第 96 條:結構可比的指引
AI Act Article 96 mandates the Commission to issue guidelines on AI Act application. Topics include high-risk AI obligations, transparency requirements, prohibited practices, market surveillance. Same structure as CRA Article 26 — guidance is mandatory, evolving, operationally decisive. Products bundling AI under PwDE need to track both AI Act guidance and CRA guidance simultaneously.
AI Act 第 96 條義務執委會就 AI Act 適用發布指引。主題包括高風險 AI 義務、透明度要求、禁止實務、市場監督。跟 CRA 第 26 條同結構,指引是強制、演進、營運決定性的。同時搭配 AI 在具數位元素產品下的產品、需要同時追蹤 AI Act 指引與 CRA 指引。
GPSR 2023/988 — informal Commission guidance patternGPSR 2023/988:非正式執委會指引模式
GPSR doesn't have a formal Article-26-equivalent guidance mandate but the Commission has issued multiple sectoral guidance notes. CRA Article 26 formalises what GPSR did informally — making mandatory the issuance of guidance the Commission would have done anyway. The formalisation is significant: APAC manufacturers can rely on guidance availability instead of hoping for it.
GPSR 沒有正式第 26 條等價指引義務、但執委會已發布多份部門別指引筆記。CRA 第 26 條把 GPSR 非正式做的事正式化,讓執委會本來就會做的指引發布、變成強制。正式化很重要:APAC 製造商可以依賴指引可得、而不是希望它出現。
EU SME definition — Recommendation 2003/361/ECEU SME 定義,建議 2003/361/EC
The EU SME definition (Recommendation 2003/361/EC) sets the thresholds: micro < 10 employees and turnover < €2M; small < 50 and < €10M; medium < 250 and < €50M. Article 26's SME-tailored guidance is anchored to these thresholds. APAC manufacturers operating below the medium threshold qualify for guidance benefits. Note: the threshold check considers the overall enterprise group, not just the EU subsidiary — so an APAC parent with EU subsidiary may exceed the threshold even if the subsidiary alone doesn't.
EU SME 定義(建議 2003/361/EC)設定門檻:微型 < 10 員工且營業額 < 200 萬歐元;小型 < 50 且 < 1,000 萬;中型 < 250 且 < 5,000 萬。第 26 條客製給 SME 的指引、錨定到這些門檻。在中型門檻下運作的 APAC 製造商符合指引受益資格。注意:門檻檢查考量整個企業集團、不只 EU 子公司,所以 APAC 母公司加 EU 子公司、即使子公司獨立未達門檻、也可能超過。