News article | Publication

Have Your Say on the European Common Criteria-based cybersecurity certification scheme (EUCC)

Certification helps customers to make informed decisions on their purchases. In cybersecurity, certification helps to discover and remove unnecessary risks of ICT products, processes and services. All stakeholders interested in EU cybersecurity certification are now invited to express their views.


The European Common Criteria-based cybersecurity certification scheme (EUCC) is a first scheme prepared under the Cybersecurity Act certification framework. It can be used for various purposes, such as certifying security measures of chips, routers, cryptography modules and even software. It can be used to strengthen cybersecurity in critical infrastructures and support the implementation of the NIS2 directive, as well as the planned Cyber Resilience Act.

The possibility of certifying ICT products as well as protection profiles makes this scheme ubiquitous and flexible. It introduces new elements, such as non-conformity and non-compliance monitoring, and vulnerability management policies. The scheme also boosts cooperation among its stakeholders from public cybersecurity authorities, businesses and accreditation bodies. Finally, EUCC continues the proven practices of the SOG-IS certification arrangement, while being open to mutual recognition with like-minded partners outside of the Union.

We invite stakeholders interested in the scheme to contribute to the consultation, in particular conformity assessment bodies (especially certification bodies and ITSEF issuing Common Criteria certificates), consumers of Common Criteria-certified products, manufacturers of ICT products, vulnerability researchers and stakeholders interested in the development of protection profiles.