The Cybersecurity Act (CSA) introduced a new European framework for the cybersecurity certification of ICT products and services. In the years to come, the importance of certified products will increase and in some cases EU cybersecurity certification is expected to become mandatory. This page provides some information on the advantages of EU cybersecurity certification and how the certificates can be utilised.

Advantages of certified products and services

• EU cybersecurity certified products and services offer a certain level of assurance regarding security. The certificate and the CSA assurance level provide a transparent indication of the security provided.
• Certification requirements are harmonised across the EU in order to ensure a level playing field for manufacturers and service providers inside and outside the EU. EU cybersecurity certificates are recognised by all EU member states.
• EU cybersecurity certificates may be required in order to prove compliance with specific regulations. The number of regulations that require a EU cybersecurity certificate is expected to grow in the years to come.

How to benefit from EU cybersecurity certification

When purchasing ICT products or services, you may request a specific EU cybersecurity certificate or you may state that you will favour EU cybersecurity certification if this is available.

Most manufacturers and service providers will actively advertise their certifications since they represent added value in the marketplace. Of course, you can also check with the provider or other business partners if a product or service comes with an EU cybersecurity certification.

It is important to know which certification scheme and which security level is necessary for your security assurance needs. The first certification schemes created under the Cybersecurity Act are the Common Criteria-based European Cybersecurity Certification Scheme (EUCC) and the European Cybersecurity Certification Scheme for Cloud Services (EUCS).

How to verify a certificate

In the future, this website will show examples of EU cybersecurity certificates issued in the Netherlands. When the first certificates are issued, a link will be added here. An overview of all EU cybersecurity certificates issued within the EU can be found on the European Union Agency for Cybersecurity (ENISA) certification website. You can also verify the validity of a certificate there. The ENISA website will be online soon, and a link will be added to this page as soon as this is the case.

Each EU cybersecurity certificate:

• contains a QR code that leads you directly to the right ENISA webpage.
• contains the dates of issuing and expiration show the validity of a certificate.
• has a validity for a maximum of 5 years.
• shows the Conformity Assessment Body (CAB) that issued the certificate.
• shows the version number on the certificate. In many cases, certification relates to a specific version of a product. New versions of a product are often re-certified and in that case the certificate will be updated and the new version number added.

Note that the administrative process may cause a delay in publishing on the ENISA website. If you have any doubts or questions regarding EU cybersecurity certificates, please contact the National Cybersecurity Certification Authority (NCCA) responsible.