Questions & Answers
What is Article 114 TFEU?
Article 114 of the Treaty on the Functioning of the European Union (TFEU) is a core legal basis for the EU to establish and ensure the functioning of its internal market. According to Article 114(1), the European Parliament and the Council can adopt measures to approximate the laws, regulations, or administrative provisions of Member States that affect the internal market. Many horizontal EU regulations, such as the Cyber Resilience Act (CRA), which has a profound global impact, are based on this article to create uniform cybersecurity standards for digital products and eliminate market barriers caused by differing national rules.
Why do Taiwanese companies need to pay attention?
Taiwanese companies that export products with digital elements (both hardware and software) to the EU market must comply with regulations based on Article 114 TFEU, such as the Cyber Resilience Act (CRA). The consequences of non-compliance are severe, including product bans, sales restrictions, or recalls from the market, as well as substantial fines of up to €15 million or 2.5% of the company's total worldwide annual turnover, whichever is higher. This poses a direct legal and financial risk for Taiwan's export-oriented tech and manufacturing industries, making it a critical market access requirement.
Which ISO standards or international regulations are directly related?
Article 114 TFEU is a legal basis, and the resulting Cyber Resilience Act (CRA) is highly correlated with several international standards. Companies can reference these standards to implement CRA requirements, for example:
- **ISO/IEC 27001**: A framework for Information Security Management Systems, which helps establish the risk assessment and management processes required by the CRA.
- **IEC 62443 series**: Cybersecurity standards for industrial automation and control systems, corresponding to CRA requirements in the Industrial IoT (IIoT) sector.
- **ISO/SAE 21434**: A standard for cybersecurity engineering in road vehicles. Although the automotive sector has specific regulations, its principles of secure design and risk management are valuable references.
- **NIST Cybersecurity Framework (CSF)**: This framework's five core functions (Identify, Protect, Detect, Respond, Recover) provide a practical guide for implementing the secure product lifecycle mandated by the CRA.
Why choose Winners Consulting?
As Taiwan's first professional management consulting firm to integrate ERM, industrial engineering, technology law, and data science, Winners Consulting offers a unique advantage. Our founder's background in preventive law enables us to translate complex legal requirements into actionable internal processes. For intricate regulations like the CRA, based on Article 114 TFEU, our cross-disciplinary team provides unparalleled value: tech lawyers analyze regulatory impacts, while ISO lead auditors seamlessly integrate compliance into existing management systems and internal controls, preventing redundant structures. Having assisted leading semiconductor companies like TSMC and MediaTek in enhancing their cybersecurity, we excel at bridging international law with industry best practices, offering a one-stop solution from risk assessment to process design and technical implementation.