The European Union has introduced its inaugural cybersecurity certification scheme, known as the European Cybersecurity Scheme on Common Criteria (EUCC), to bolster the cybersecurity of IT products and services within its member states. Developed by the European Union Agency for Cybersecurity (ENISA) in collaboration with member countries, this voluntary scheme replaces existing national certifications. The EUCC enables ICT suppliers to undergo a standardized assessment process, demonstrating cybersecurity assurance for digital products, hardware, and software. It offers two assurance levels based on the risk associated with the intended use of the product or service, encouraging suppliers to enhance their security practices and enabling European ICT providers to compete effectively in various markets.
The EUCC’s adoption marks a significant milestone toward creating a trusted digital single market in the EU, forming part of the broader EU cybersecurity certification framework. ENISA is concurrently working on two additional cybersecurity certification schemes for cloud services and 5G security. The agency is also conducting a feasibility study on EU cybersecurity certification requirements for artificial intelligence (AI). This move aligns with the EU’s broader legislative initiatives, including the Cyber Resilience Act (CRA) and the updated Network and Information Security Directive (NIS2), aimed at establishing security requirements for connected devices and imposing common cybersecurity standards on critical industry organizations.
As businesses face increasing compliance requirements and stakeholder awareness of cyber and privacy issues grows, certifications like EUCC play a crucial role in demonstrating security competence. The EU’s commitment to strengthening cybersecurity is evident in its continuous efforts to update and establish regulations and standards, addressing emerging challenges in the digital landscape.