The European Common Criteria-based cybersecurity certification scheme (EUCC) is established under the European Commission's Implementing Act Regulation (EU) 2024/482, related to Regulation (EU) 2019/881, commonly known as the Cybersecurity Act (CSA).
The EUCC is the first scheme created under the CSA requirements. Some other schemes are still being put together: particularly, in particular the EU5G and the EUCS. And, with more to come!
The EUCC scheme is designed to set the rules and obligations, as well as the structure, for certifying information and communication technology (ICT) products. The scheme leverages established international standards, notably the Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) and the Common Evaluation Methodology (ISO/IEC 18045) and mandates third-party conformity assessments by accredited ITSEFs.
Certificates will be valid for a maximum of five years unless this period is extended with the authorisation of an NCCA (National Cybersecurity Certification Authority).
The EUCC uses the Common Criteria’s vulnerability assessment family (AVA_VAN), components 1 to 5. This component will be indicating the CSA level of Substantial and High as follows:
Along with the changes introduced by the EUCC, there are some significant aspects that need to be considered beyond the existing practices of current National Common Criteria schemes:
The EUCC scheme and the Cyber Resilience Act (CRA) work in tandem to present compliance, however, achieving complete adherence to the CRA requires further actions in EUCC. Applus+ Laboratories helps ENISA to identify and analyze the gap between the two regulations and the EUCC workarounds to comply with CRA.
Applus+ Laboratories is in the final stages of becoming one of the first accredited and authorized EUCC laboratories (ITSEF) for the CSA levels of Substantial and High. For more information on the EUCC certification scheme and its relationship with the existing Common Criteria, the Cybersecurity Resilience Act, and the upcoming steps related to different cybersecurity regulations being implemented by the EU, please feel free to contact us.
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy