Cybersecurity: the European certification system has been approved


Europe's digital space will be more secure. The European Commission has adopted the first European Cybersecurity Certification System.

The system offers an EU-wide set of standards and procedures on how to certify ICT products in their lifecycle and thus make them more trustworthy for users. Certification formally recognises that ICT products are trusted to protect the hardware and software that citizens use every day.

The new legislative instrument will complement the law on cyber resilience, which introduces binding cybersecurity requirements for all hardware and software products in the EU. This important step forward contributes to promoting Europe's digital leadership in the world. The system will also support the implementation of the NIS 2 directive.

The system will soon be published in the Official Journal of the EU and will enter into force 20 days after publication. Together with the certification scheme, the Commission will also publish the Union's first progressive work programme for European cybersecurity certification. The document outlines a vision and strategic thinking on possible areas for future European cybersecurity certification schemes, taking into account recent legislative and market developments.

The system adopted is based on drafts developed by the European Union Agency for Cyber Security (ENISA) in close cooperation with industry experts and Member States, following technical and legal discussions as well as public consultations.