ANNEX II
INFORMATION AND INSTRUCTIONS FOR THE USER
The product with digital elements shall be accompanied by at least:
the name, registered trade name, or registered trademark of the manufacturer, and the postal address, email address, or other digital means of communication, as well as, if available, the website where the manufacturer can be contacted;
the central point of contact where information about vulnerabilities of the product with digital elements can be reported and received, and where the manufacturer's policy on coordinated disclosure of vulnerabilities can be found;
name and type and any additional information that enables the unique identification of the product with digital elements;
the intended purpose of the product with digital elements, including the security environment provided by the manufacturer, as well as the essential functions and information about the security features of the product;
any known or foreseeable circumstance related to the use of the product with digital elements in accordance with its intended purpose or in a situation of reasonably foreseeable misuse, which could lead to significant cybersecurity risks;
where applicable, the internet address at which the EU declaration of conformity can be consulted;
the type of technical security support offered by the manufacturer and the end date of the support period during which users can expect vulnerabilities to be addressed and security updates to be provided;
detailed instructions or an internet address relating to such detailed instructions and information about:
the necessary measures during initial commissioning and throughout the entire service life of the product with digital elements to ensure its safe use;
how changes to the product involving digital elements may affect data security;
how security-related updates can be installed;
the safe decommissioning of the product with digital elements, including information on how user data can be securely deleted;
how the default setting that enables the automatic installation of security updates, as required by Part I, point 2(c) of Annex I, can be disabled;
if the product with digital elements is intended to be integrated into other products with digital elements, the information necessary for the integrator to comply with the essential cybersecurity requirements set out in Annex I and the documentation requirements set out in Annex VII.
if the manufacturer decides to make the software bill of materials available to the user, information about where the software bill of materials can be consulted.
