EU Cybersecurity Certification actors and their roles

An overview of the key actors involved in the European Cybersecurity Certification landscape and their roles. © ENISA - Creative Commons 4.0

You might have already heard about EU cybersecurity certification. Let's now see the key actors and their roles.

First, the European Union Agency for Cybersecurity, ENISA, develops certification schemes together with stakeholders, based on a risk management approach. Each scheme can propose up to three levels of assurance. Then the European Commission transforms the draft schemes into legal documents called implementing acts, which are supported by guidance documents.

National Cybersecurity Certification Authorities are designated in each member state and have the responsibility to supervise the implementation of the schemes and to notify and authorize Conformity Assessment Bodies where applicable. National Cybersecurity Certification Authorities deliver certificates, but they are not the only ones participating in the certification process. Private Conformity Assessment Bodies accredited by National Accreditation Bodies certify for the basic and substantial assurance levels. National Cybersecurity Certification Authorities as well as National Accreditation Bodies are subject to peer evaluations, which allow for better harmonization of EU schemes.

With all these actors in place, the certificates can be delivered to providers of compliant ICT solutions. As certified solutions might reveal vulnerabilities during their life cycle, ENISA is working hard on defining suitable conditions to ensure trust throughout the certificate lifetime. ENISA also makes sure that certification plays a significant role in future cybersecurity regulations.

To stay updated or find more information about European cybersecurity certification, follow the European Union Agency for Cybersecurity online.
