With the adoption of the Cybersecurity Act (CSA), a new framework for cybersecurity certification is introduced within the EU. This framework provides an EU-wide approach towards cybersecurity certification where issued certificates are applicable across the EU and valid in all member states.
EU cybersecurity certificates provide businesses and consumers with accurate information regarding the security assurance of certified ICT products and services. While certification does not guarantee that an ICT product or service is cyber-secure (as explicitly stated in the CSA), an EU cybersecurity certificate does demonstrate compliance with the criteria of a cybersecurity scheme. European cybersecurity certification is voluntary, but it can and likely will be used to demonstrate compliance with other EU or member state laws.
Each EU cybersecurity certificate provides information about its validity and the certification scheme under which it was issued. Currently, no EU cybersecurity certificates have been issued. Once the first certificate is issued, this website will maintain an overview of all EU cybersecurity certificates issued within the Netherlands. The European cybersecurity agency ENISA will also maintain a website with all issued certificates.
The Netherlands has implemented the prior approval model, which enables certification projects to conclude in a predictable and timely manner. All EU cybersecurity certificates issued in the Netherlands are subject to supervision by the Dutch National Cybersecurity Certification Authority (NCCA).
CSA certification schemes
In order to certify a wide range of products and services in the field of cybersecurity, multiple certification schemes are being developed under the Cybersecurity Act. Each scheme has its own scope, specific applications, and set of certification requirements.
Below, you will find a brief introduction to the schemes that are currently active or will become active in the near future.
Common Criteria certification
The EU Cybersecurity Certification Scheme on Common Criteria (EUCC) is a certification scheme developed for the EU cybersecurity certification of ICT products. Common Criteria is a set of specifications and guidelines designed to evaluate and certify software, hardware and firmware in the area of cybersecurity.
Cloud Services certification
The EU Cybersecurity Certification Scheme for Cloud Services (EUCS) is one of the first schemes being developed under the CSA. This scheme boosts trust in cloud services by defining a reference set of security requirements. It is applicable to all kinds of cloud services (IaaS, PaaS, SaaS, and other cloud services, including subservices).