The European Commission and ENISA (the European Union Agency for Cybersecurity) on January 31st published the regulation for the application of Regulation (EU) 2019/881 of the European Parliament and of the Council, as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC).
The EUCC is a standardized approach to assess and certify the cybersecurity of hardware and software ICT products across the European Union. This framework builds upon the established Common Criteria (CC) for Information Technology Security Evaluation (ISO/IEC 15408) and its methodology (ISO/IEC 18045).
To comply with the EUCC the Conformity Assessment Bodies (CABs), recognized and accredited by the European Cybersecurity Certification Group (ECCG), will conduct the evaluation based on the Evaluation Assurance Levels (‘EAL’). Certified products will carry the EUCC label.
Although the EUCC has been published, the scheme is still under development, with the specific timeline for its full implementation yet to be announced.
Type Approval – Market Access Requirements Impacted? Yes
Spectrum Impacted? No
Imports Impacted? Yes