iStock by Getty Images - Urupong
The European Common Criteria-based cybersecurity certification scheme (EUCC) is a first scheme prepared under the Cybersecurity Act certification framework. It can be used for various purposes, such as certifying security measures of chips, routers, cryptography modules and even software. It can be used to strengthen cybersecurity in critical infrastructures and support the implementation of the NIS2 directive, as well as the planned Cyber Resilience Act.
The possibility of certifying ICT products as well as protection profiles makes this scheme ubiquitous and flexible. It introduces new elements, such as non-conformity and non-compliance monitoring, and vulnerability management policies. The scheme also boosts the cooperation among its stakeholders from public cybersecurity authorities, businesses and accreditation bodies. Finally, EUCC continues proven practices of the SOG-IS certification arrangement, while being open for mutual recognition with like-minded partners outside of the Union.
We invite stakeholders interested in the scheme, in particular conformity assessment bodies (especially certification bodies and ITSEF issuing Common Criteria certificates), consumers of Common Criteria-certified products, manufacturers of ICT products, vulnerability researchers and stakeholders interested in development of protection profiles to contribute to the consultation.