Article 4 Regulation (EU) 2024/2847 · Chapter I 法規 (EU) 2024/2847 · 第一章
Free movement 自由流通
Member States shall not impede the free movement of CRA-compliant products with digital elements. 會員國不得阻礙合規於 CRA 之具數位元素產品的自由流通。
Block 1 · Official text 區塊 1 · 官方條文
What the Regulation actually says 條文實際怎麼寫
Source. From Regulation (EU) 2024/2847, OJ L 2024/2847 (20 Nov 2024). Translation unofficial; refer to EUR-Lex for binding text. 來源。節錄自《法規 (EU) 2024/2847》,OJ L 2024/2847(2024 年 11 月 20 日)。中文為非官方翻譯;強制適用條文請見 EUR-Lex。
1. Member States shall not impede, for the matters covered by this Regulation, the making available on the market of products with digital elements which comply with this Regulation.
2. At trade fairs, exhibitions and demonstrations or similar events, Member States shall not prevent the presentation and use of a product with digital elements which does not comply with this Regulation, including its prototypes, provided that a visible sign clearly indicates that such product with digital elements does not comply with this Regulation and that it will not be made available on the market until it complies with this Regulation.
1. 就本法規所規範事項,會員國不得阻礙符合本法規之具數位元素產品於市場上提供。
2. 於商展、展覽會、示範或類似活動中,會員國不得阻止不符合本法規之具數位元素產品(含其原型)的展示與使用,但須以明顯標示清楚說明該產品不符合本法規、且該產品於符合本法規前不得於市場上提供。
Block 2 · Plain language 區塊 2 · 白話解讀
Why "free movement" is the article that makes CRA real 為什麼「自由流通」這條是 CRA 真正落地的關鍵
Article 4 looks short and procedural — only two paragraphs. It is in fact the article that makes the rest of the CRA enforceable. Without it, every Member State could invent its own additional cybersecurity hurdles for products with digital elements, and the CRA would degrade into 27 fragmented national regimes. Article 4 says: once you comply with CRA, no Member State can stop you on cybersecurity grounds.
For a Taiwan, Japan, or Korea OEM/ODM, this is the operational pay-off of doing CRA right.
One conformity assessment, 27 markets. CE marking under CRA gives access to the entire EU/EEA single market. A French customs officer cannot stop a CRA-compliant router because Belgian regulators have a different view on firmware update intervals. The doctrine is binding under the Treaty on the Functioning of the EU (Article 34), and Article 4 is the CRA-specific expression.
Trade fairs and demos get a carve-out. Paragraph 2 lets you ship non-compliant prototypes to Hannover Messe or IFA Berlin — provided you have a visible sign saying "not yet compliant, will not be marketed until compliance". This matters more than it sounds: Taiwan ICT trade missions, Japan IIoT demonstration days, and Korea pilot deployments routinely show pre-production hardware. Article 4(2) gives the legal basis to do this without triggering market surveillance.
Article 4 does not stop national security carve-outs. Article 5 reserves Member States' right to impose additional requirements for national security or defence procurement. Article 4 only covers "matters covered by this Regulation" — meaning cybersecurity for civilian PwDE. A Member State that classifies a product as defence procurement can still impose its own requirements on top.
Free movement only protects compliance, not non-compliance. If your product is found non-compliant in one Member State under Article 54, the corrective action propagates to all 27. Free movement and free recall ride together. The same network that delivers your CRA-compliant product to 27 markets also distributes the recall order.
第 4 條看起來短、程序性,只有兩項。但實際上這條是讓 CRA 其他條文真正能執行的那一條。沒有它、每個會員國都可以為具數位元素產品自創額外的網路安全門檻,CRA 就會退化成 27 個片段的國家制度。第 4 條說:一旦你符合 CRA、會員國不得以網路安全理由阻擋你。
對台日韓 OEM/ODM 來說、這是把 CRA 做對的營運回報。
一次合規評鑑、27 個市場。CRA 下的 CE 標示讓你進入整個 EU/EEA 單一市場。法國海關不能因為比利時主管機關對韌體更新頻率有不同意見、就攔下一台 CRA 合規的 router。這個原則在《歐盟運作條約》第 34 條下具強制適用力、第 4 條是 CRA 的具體表現。
商展跟示範有例外。第 2 項允許你把不合規的原型送到 Hannover Messe 或 IFA Berlin,前提是要有明顯標示「尚未合規、合規前不投入市場」。這比表面上重要:台灣 ICT 貿易團、日本 IIoT 示範日、韓國試點部署、都常常展示量產前硬體。第 4(2) 條給這個動作合法基礎、不會觸發市場監督。
第 4 條不阻止國家安全例外。第 5 條保留會員國就國家安全或國防採購加上額外要求的權利。第 4 條只涵蓋「本法規所規範事項」:也就是民用具數位元素產品的網路安全。會員國把產品歸類為國防採購、仍然可以加上自己的要求。
自由流通只保護合規、不保護不合規。如果你的產品在一個會員國依第 54 條被認定不合規、矯正措施會傳到 27 個會員國。自由流通跟自由召回是同一條鏈子。把你 CRA 合規產品送到 27 個市場的網路、同樣也是召回令的傳送網路。
Block 3 · APAC perspective 區塊 3 · APAC 觀點
What free movement means for APAC export-oriented makers 自由流通對 APAC 出口導向廠商的意義
For Taiwan ICT exporters, Japan IIoT vendors, and Korean device makers, Article 4 is the article that converts the cost of CRA conformity into a positive ROI. Without it, you would be doing CRA plus 27 separate national overlays. With it, you do CRA once and access €15+ trillion of EU/EEA GDP.
對台灣 ICT 出口商、日本 IIoT 廠商、韓國裝置製造商來說、第 4 條是把 CRA 合規成本轉成正 ROI 的那一條。沒有它、你會做 CRA加上27 個分別的國家堆疊。有了它、你做一次 CRA、進入 EU/EEA 超過 15 兆歐元的 GDP 規模。
But the protection is conditional. "Compliant with CRA" is the gate; Article 4 only flows after you walk through it. Taiwan ODMs that under-invest in conformity assessment do not get protection — they get blocked at customs.
但這個保護有條件。「符合 CRA」是那道門;走過去之後才享受第 4 條。投資合規評鑑不足的台灣 ODM、得不到保護,會在海關被擋下來。
The free movement promise should change how APAC sales teams price CRA conformity work. Many Taiwan/Korea makers still treat CRA as a regulatory tax — a sunk cost line. The right framing is: CRA conformity is the fixed cost that unlocks variable revenue across 27 markets. The right comparison is not "CRA cost vs no CRA" but "CRA cost vs CRA + 27 national overlays if Article 4 did not exist". The latter would be 5–8× higher.
自由流通承諾應該改變 APAC 銷售團隊對 CRA 合規工作的定價方式。許多台 / 韓廠商仍把 CRA 當成法規稅,當沉沒成本看待。正確的框架是:CRA 合規是固定成本、它解鎖跨 27 個市場的可變營收。正確的對照不是「CRA 成本 vs 不做 CRA」、而是「CRA 成本 vs 沒有第 4 條時、CRA + 27 個國家堆疊的成本」。後者高 5–8 倍。
| APAC marketAPAC 市場 | Free movement implication自由流通意義 | Sales / GTM action業務 / GTM 動作 |
|---|---|---|
| Taiwan台灣 | ICT export catalogue overlaps heavily with Annex III. CRA conformity opens the entire EU; per-Member-State homologation cost disappears.ICT 出口目錄跟附件三高度重疊。CRA 合規打開整個 EU;逐會員國的型式認可成本消失。 | Reframe CRA conformity quote as a one-time market-access fee for 27 markets, not a tax. Compare €X to projected 5-year EU/EEA revenue.把 CRA 合規報價重新包裝成一次性的 27 市場進入費用、不是稅。把 €X 和預期 5 年 EU/EEA 營收做對比。 |
| Japan日本 | JC-STAR (METI/IPA) is a domestic labelling scheme — does not confer Article 4 free movement in the EU. Japan makers exporting to EU still need separate CRA conformity.JC-STAR(METI / IPA)是國內標示計畫,不賦予 EU 第 4 條自由流通。出口 EU 的日本廠商仍需另行做 CRA 合規。 | Domestic JC-STAR work accelerates engineering readiness for CRA but does not substitute. EU conformity must be a separate budget line in export pricing.國內 JC-STAR 工作可加速 CRA 的工程準備、但不能替代。出口定價中、EU 合規必須是另一條預算項。 |
| Korea韓國 | K-ISMS / KISA evaluation — same logic as Japan. Korean device makers with global GTM (Samsung, LG, mid-tier ODMs) need CRA-compliant CE marking to access EU/EEA without Member State friction.K-ISMS / KISA 評鑑,跟日本同邏輯。具全球 GTM 的韓國裝置製造商(三星、LG、中型 ODM)、需要 CRA 合規的 CE 標示、才能無摩擦進入 EU/EEA。 | Korean enterprise IoT/B2B exporters can use Article 4 as a competitive moat against China-based makers without EU conformity infrastructure.韓國企業 IoT / B2B 出口商可以把第 4 條當成對缺乏 EU 合規基礎的中國廠商的競爭護城河。 |
Trade-fair carve-out (Article 4(2)) is operationally important for APAC vendors. CES Berlin (rebranded IFA), Embedded World Nuremberg, Hannover Messe, and SPS Smart Production Solutions in Nuremberg are the four EU shows where Taiwan, Japan, Korea hardware vendors regularly demo pre-production prototypes. Without Article 4(2), every prototype on the booth would be a marketing-on-the-market act, triggering CRA conformity obligations. With it, a visible "non-compliant prototype, will not be marketed until compliant" sign on the booth is enough.
商展例外(第 4(2) 條)對 APAC 廠商在營運上很重要。Berlin CES(已改名 IFA)、Embedded World Nuremberg、Hannover Messe、Nuremberg SPS Smart Production Solutions 是台日韓硬體廠商常去示範量產前原型的四大歐洲展會。沒有第 4(2) 條、攤位上每一台原型都會構成市場上提供的行為、觸發 CRA 合規義務。有了它、攤位上明顯標示「不合規原型、合規前不投入市場」就足夠。
Practical fair-booth checklist for APAC exhibitors: (1) bilingual EN + local-language sign visible from public side of booth; (2) sign placed within line-of-sight of every demo unit; (3) demo units physically separated from any "to be ordered" product pricing material; (4) booth staff briefed not to take orders for non-compliant units.
APAC 參展商的實務攤位檢查表:(1) EN + 當地語言雙語標示、從公眾側可見;(2) 標示在每台示範機的視線範圍內;(3) 示範機跟任何「可訂購」產品定價資料、實體分開;(4) 攤位人員受訓、不接受不合規機種的訂單。
Block 4 · Cross-regulation map 區塊 4 · 跨法規對照
Article 4 in the family of EU free movement clauses 第 4 條在歐盟自由流通條款家族中的位置
Article 4 is not unique. Almost every piece of EU product harmonisation legislation has its equivalent. Knowing the family helps map how CRA fits with sister regimes the same product line might face. 第 4 條不是獨特的。幾乎每一部歐盟產品調和立法都有對應條款。了解這個家族、有助於把 CRA 跟同一產品線可能面對的姊妹制度對照。
RED — Radio Equipment Directive 2014/53/EU, Article 9RED 無線電設備指令 2014/53/EU 第 9 條
Member States shall not impede the making available on the market in their territory of radio equipment which complies with this Directive. Almost identical wording to CRA Article 4(1). Any Taiwan-made radio equipment (Wi-Fi router, BLE device, LoRa node) currently relies on RED Article 9; from CRA application date the product likely needs both — RED Article 9 for the radio side, CRA Article 4 for the cybersecurity side.
會員國不得阻礙符合本指令的無線電設備在其領土的市場上提供。措辭跟 CRA 第 4(1) 條幾乎相同。任何台灣製無線電設備(Wi-Fi router、BLE 裝置、LoRa node)現在依賴 RED 第 9 條;從 CRA 適用起、產品很可能兩者都需要,RED 第 9 條管無線電那邊、CRA 第 4 條管網路安全那邊。
EMC Directive 2014/30/EU, Article 4EMC 指令 2014/30/EU 第 4 條
Free movement clause for electromagnetic compatibility. Most CRA-covered products with digital elements also fall under EMC. The two free-movement provisions stack — same product, two CE-bearing certifications, two free-movement umbrellas.
電磁相容性的自由流通條款。大多數 CRA 涵蓋的具數位元素產品同時受 EMC 規範。兩條自由流通規定疊加,同一個產品、兩張帶 CE 的合規文件、兩把自由流通的傘。
LVD — Low Voltage Directive 2014/35/EU, Article 4LVD 低電壓指令 2014/35/EU 第 4 條
Free movement for electrical equipment within voltage limits. Together with EMC and CRA, the three free-movement clauses form the standard "electrical CE stack" that most consumer ICT products need to navigate. RED replaces LVD/EMC for radio equipment.
電壓區間內電氣設備的自由流通。跟 EMC 與 CRA 一起、三條自由流通條款構成大多數消費 ICT 產品要走的標準「電氣 CE 堆疊」。對無線電設備、RED 取代 LVD / EMC。
GPSR — General Product Safety Regulation 2023/988, Article 5GPSR 一般產品安全法規 2023/988 第 5 條
GPSR's free-movement equivalent. Article 11 of CRA explicitly derogates from parts of GPSR — for risks covered by CRA, CRA is the rule. For residual safety risks not in CRA, GPSR still applies. The two regimes coexist, with CRA taking precedence on cybersecurity.
GPSR 的自由流通對應條款。CRA 第 11 條對 GPSR 部分明文設例外,CRA 涵蓋的風險、由 CRA 規範。CRA 沒涵蓋的剩餘安全風險、仍適用 GPSR。兩個制度共存、網路安全部分以 CRA 為先。
Regulation 2019/1020 on Market Surveillance, Article 4市場監督法規 2019/1020 第 4 條
Cross-cutting horizontal market surveillance regulation. CRA Article 66 explicitly adds CRA to Annex I of 2019/1020 — meaning CRA enforcement happens through the same market-surveillance machinery as RED, EMC, LVD, GPSR. National authorities use one set of investigatory powers across all these regimes. A Taiwan ODM facing a market-surveillance inspection in Germany should expect a single inspector covering CRA + RED + EMC + LVD + GPSR.
橫向跨界的市場監督法規。CRA 第 66 條明文把 CRA 加入 2019/1020 附件一,也就是 CRA 的執法、跟 RED、EMC、LVD、GPSR 走同一套市場監督機制。國家機關用同一套調查權限跨這些制度。在德國面對市場監督檢查的台灣 ODM、應該預期是同一個檢查員涵蓋 CRA + RED + EMC + LVD + GPSR。