About the NCCA

The Dutch NCCA is the designated National Cybersecurity Certification Authority of the Netherlands, established under the Cybersecurity Act (CSA).

The main responsibilities of the National Cybersecurity Certification Authority (NCCA) are to:    

  1. Oversee the issuing of CSA certificates at the CSA’s assurance level High;
  2. Authorise Conformity Assessment Bodies (CABs) for the CSA certification system;
  3. Supervise certificates issued throughout the lifecycle of certified ICT products, processes and services;
  4. Contribute on European level to the development and maintenance of CSA certification schemes.

The Dutch NCCA prioritises an efficient certification process and has put processes in place in close consultation with commercial CABs. This reduces processing times and bureaucracy.

Formally, all Dutch NCCA activities are carried out by the Dutch Authority for Digital Infrastructure

Prior approval model

The Netherlands has implemented the prior approval model for certification at the CSA assurance level High. Under the prior approval model, the commercial Conformity Assessment Bodies (CABs) conduct the certification and evaluation activities themselves. The Dutch NCCA oversees this certification process in close communication with CABs. Information is collected so that the certificate can be issued more swiftly at the end of the process.

Overview of the NCCA’s responsibilities

The Dutch NCCA is divided into two departments, both with different responsibilities; NCCA certification and NCCA supervision. This distinction is made to ensure independent supervision of certificates approved by the NCCA.

NCCA certification involves:    

  • Assessing whether a Conformity Assessment Body (CAB) can perform European CSA certification assessments;
  • Before a body performing certification activities can issue a certificate at the CSA’s assurance level High, the NCCA reviews the certification activities and certification report. In case of compliance, the NCCA will approve the issuing of the certificate;
  • Authorising CABs to perform activities under a specific CSA certification scheme. Those parties must comply with the general CSA requirements and the additional requirements for the scheme.

NCCA supervision involves:

  • Overseeing the compliance of certified products and services with the requirements of the scheme. This oversight is extended throughout the life cycle of the product or service and until the expiration date of the CSA certificate;
  • Overseeing the compliance of authorised certification bodies and testing laboratories with the general CSA requirements and additional scheme requirements for which they are accredited.