European Union: The European Commission adopts the first voluntary certification scheme for cybersecurity


On January 31, 2024, the  EU cybersecurity certification scheme on Common Criteria (EUCC), drafted by the European Cybersecurity Agency (ENISA), has been adopted by the European Commission as the first certification scheme within the EU Cybersecurity Certification Framework. The certification program will apply to all ICT products. While the implementation of the certification scheme is part of EU law, this cybersecurity certification framework is voluntary. The EUCC will eventually replace the previous national certification scheme established under the SOG-IS protocol. The certification program has been approved and will be published in the Official Journal (OJ) one year after the date of publication.

Click this link to view ENISA's press release regarding EUCC, click this link to view the original EUCC regulation.