The Commission of the European Union (EU) has published detailed regulations for the cybersecurity certification of certain products, taking the next step in implementing an EU-wide cybersecurity certification scheme (EUCC) for information and communication technology (ICT) systems and products.
Published in the Official Journal of the European Union in early February, Commission Implementing Regulation (EU) 2024/482 lays out the structure of the common criteria and common evaluation methodology underlying the EUCC, consistent with the framework originally set out by the Commission in 2019. Specifically, the Implementing Regulation details the specific standards and requirements for the evaluation of ICT products, the information necessary for certification, and marking and labeling requirements.
The Implementing Regulation also provides information on conformity assessment bodies certifying devices under the EUCC, post-certification compliance and monitoring, and the consequences for the identification of non-conforming products.