Common framework to certify ICT products in the EU

The recently adopted European cybersecurity certification scheme introduces binding cybersecurity requirements, standards and procedures for all hardware and software products in the EU, increasing trust and security for their users.

“We want our citizens, businesses, and the public sector to be able to trust the products they rely upon for securing their networks and for providing sensitive public services”, said Thierry Breton, Commissioner for Internal Market. 

The resulting certificate will be recognised in all EU Member States, making it easier for businesses to trade across borders and for purchasers to understand the security features of the product or service.

The scheme was prepared by the European Union Agency for Cybersecurity (ENISA) in close cooperation with industry experts and Member States, and after public consultation. It is in line with the EU Cybersecurity Act and complements the Cyber Resilience Act. 

Moreover, the Commission and relevant US regulatory agencies have been exploring mutual recognition on cybersecurity requirements on Internet of Things (IoT) hardware and software consumer products. The two sides also agreed to further collaborate in the fields of critical infrastructure protection, software security and artificial intelligence. (More information)

Sources: The original articles were published here and here