Information for customers

In 2019, the Cybersecurity Act (CSA) came into force which introduces a European cybersecurity certification system for ICT products, services and processes.

In the years to come, the importance of certified products will increase and in some cases cybersecurity certification is expected to become mandatory. This page provides some information on the advantages of cybersecurity certification and how these cybersecurity certificates can be utilised.

Advantages of certified products and services

  1. CSA certified products and services offer a certain level of assurance regarding security. The certificate and the CSA assurance level provide a transparent indication of the security provided.
  2. CSA certification requirements are harmonised across the EU in order to ensure a level playing field for manufacturers and service providers inside and outside the EU. CSA certificates are recognised by all EU member states.
  3. CSA certificates may be required in order to prove compliance with specific regulations. The number of regulations that require a CSA certificate is expected to grow in the years to come.

How to benefit from EU certification

When purchasing ICT products or services, you may request a specific CSA certificate or you may state that you will favour CSA certification if this is available.

Most manufacturers and service providers will actively advertise their certifications since they represent added value in the marketplace. Of course, you can also check with the provider or other business partners if a product or service comes with an CSA certification.

It is important to know which certification scheme and which security level is necessary for your security assurance needs.

How to verify a CSA certificate

In the future, this website will show examples of certificates issued in the Netherlands. When the first certificates are issued, a link will be added here. An overview of all CSA certificates issued within the EU can be found on the European Union Agency for Cybersecurity (ENISA) certification website. You can also verify the validity of a certificate there. The ENISA website will be online soon. A link to the ENISA website will be added to this page as soon as this is the case.

Each certificate:

  • contains a QR code that leads you directly to the right ENISA webpage.
  • contains the dates of issuing and expiration show the validity of a certificate.
  • has a validity for a maximum of 5 years.
  • shows the Conformity Assessment Body (CAB) that issued the certificate.
  • shows the version number on the certificate. In many cases, certification relates to a specific version of a product. New versions of a product are often re-certified and in that case the certificate will be updated and the new version number added.

Note that the administrative process may cause a delay in publishing on the ENISA website. If you have any doubts or questions regarding certificates, please contact the National Cybersecurity Certification Authority (NCCA) responsible.