At the eighth edition of the certification conference, the European Union Agency for Cybersecurity (ENISA) celebrates the first accredited Conformity Assessment Bodies for the EU Cybersecurity Certification scheme on Common Criteria (EUCC).
The award-wining list includes:
France
- SERMA Safety and Security
Germany
- Atsec information security GmbH
- Bundesamt für Sicherheit in der Informationstechnik
- Deutsche Telekom Security GmbH
- Secuvera GmbH
- SRC Security Research & Consulting GmbH
- TÜV Informationstechnik GmbH
Spain
- Applus+ Laboratories
- DEKRA
Sweden
- Atsec information security AB
The Cybersecurity Certification Conference took place at the Copernicus Science Centre in Warsaw, under the auspices of the Polish Presidency of the Council of the EU and with the support of NASK and the European Commission. The event aimed to bring together stakeholders in the cybersecurity certification ecosystem to reflect on the milestones that have shaped the certification path so far and to look ahead at future developments and opportunities.
“Recent developments in the EU cybersecurity regulatory framework underline that the EU is prioritising the security of products and services,” Juhan Lepassaar, executive director at the EU Agency for Cybersecurity, highlighted. “Certification is playing a central role in building a trusted digital internal market, extending far beyond the work of ENISA. The EU Cybersecurity Certification scheme on Common Criteria, EUCC, is an achievement, and we are proud of the collaborative efforts that will make its use widespread.”
“We are currently working on a new law—the National Cybersecurity Certification System—which we anticipate finalizing by autumn this year. This legislation will closely interact with our existing national cybersecurity framework, creating a robust and comprehensive system,” according to Paweł Kostkiewicz, NASK director of certification. “The interplay between these two regulations highlights that cybersecurity certification is not just complementary but fundamental to our national and European digital security strategy.”
Kostkiewicz added that “this law represents our commitment to building trust, enhancing capabilities, and ensuring that cybersecurity certification becomes a cornerstone of secure digital infrastructure across Europe. At the end, I just want to leave you with one key message: Let’s build Europe secure by design, together.”
This year marks both the anniversary of the entry into force of the EUCC, the very first European cybersecurity scheme adopted, and the celebration of the first EUCC-accredited Conformity Assessment Bodies (CABs). The landmark in the certification field is paving the way for certified products soon.
On the occasion of the Cybersecurity Certification conference, the efforts and progress made by EU Member States and their supporting ecosystem of CABs in the certification journey were acknowledged and celebrated.
Under the Cybersecurity Act that outlines ENISA’s mandate as well as the European Cybersecurity Certification Framework, EU Member States were tasked to designate their National Cybersecurity Certification Authorities (NCCAs)and to notify the Commission of Conformity Assessment Bodies (CABs) for each scheme, namely for the EUCC. First, Conformity Assessment Bodies (CABs) that will be performing evaluations and certifications for the issuance of EUCC certificates and emitting EUCC certificates have been accredited, therefore paving the way towards delivery of the first EUCC certificates.
Among the topics addressed in the panels moderated by ENISA, highlights were on how certification can support both cyber risks and EU cybersecurity legislation; the need to ensure smooth transition towards the new schemes adopted; and the necessary commitment of all stakeholders to ensure the success of schemes and their positive impact for the market, both at EU and international level.
