Brussels,
DIGITAL & SOCIETY - Cybersecurity
The EU cybersecurity certification framework
Overall, the EU cybersecurity certification framework streamlines the process of certifying ICT products across the EU, fostering trust, reducing market barriers, and ensuring a high level of security for digital products and services.
- Unified EU-Wide Certification
The framework sets out a common approach for certifying the cybersecurity of ICT products, services, and processes throughout the EU. Its goal is to reduce market fragmentation by ensuring that once an ICT product or service is certified, that certification is valid across all Member States. - Key Elements of Each Certification Scheme
- Scope: The categories of products and services covered.
- Requirements: Relevant security standards or technical specifications.
- Evaluation Method: Ranging from self-assessment to third-party assessment.
- Assurance Levels: Basic, substantial, or high—aligned with the product’s risk level.
- First EU Cybersecurity Certification Scheme on Common Criteria (EUCC)
- Launch Date: Available from 27 February 2025.
- Builds on the well-known international Common Criteria standard.
- Voluntary for vendors, covering a wide range of ICT products (e.g., biometric systems, firewalls, routers, operating systems, smart cards).
- Union Rolling Work Programme (URWP)
- Outlines a strategic vision for future EU cybersecurity certification schemes.
- Takes into account new legislation such as the Cyber Resilience Act and the European Digital Identity Regulation.
- Identifies potential areas for future schemes (e.g., ID Wallets, managed security services, industrial automation).
- Governance and Advisory Bodies
- European Cybersecurity Certification Group (ECCG): Composed of national authorities, ensuring consistent application of the Cybersecurity Act and assisting in the preparation of certification schemes.
- Stakeholder Cybersecurity Certification Group (SCCG): Advises the Commission and ENISA on strategic issues and helps develop the Union Rolling Work Programme.