What is EUCC Certification?

EUCC is the new Common Criteria-based scheme established under the European Commission's Implementing Act Regulation (EU) 2024/482. All ICT products can be certified using the rules of the new certification scheme.

Applus+ Laboratories have more than 20 year’s experience in Common Criteria and Cybersecurity evaluations, can act as an Evaluation Laboratory (ITSEF)* for ICT products providers and manufacturers demonstrating their products' compliance with the 'substantial' or 'high' assurance levels operated by the EUCC scheme. This not only facilitates access to the EU internal market but also strengthens consumer confidence in the security of ICT products.

Benefits of EUCC Certification

Here are some of the benefits of EUCC certification:

  • Trust: EUCC certification acts as a quality and security certificate that boosts users' and customers' trust in ICT products.
  • Regulatory Compliance: It facilitates ICT products' compliance with EU cybersecurity regulations and standards, essential for operating within the European market.
  • Market Competitiveness: Certified products under the EUCC scheme stand out in the market, offering a significant competitive advantage.
  • Risk Reduction: Evaluation and certification help identify and mitigate security risks, protecting both providers and end-users from potential cyber threats.

EUCC Evaluation Scope: Products and Assurance Levels

The EUCC scheme is applicable to a broad spectrum of ICT products or Protection Profiles intended for the European Union Internal Market. These ICT products essentially must meet the 'substantial' or 'high' assurance levels specified under the EUCC scheme by the Cybersecurity Act (CSA) by essentially incorporating security requirements extracted from Part 2 of Common Criteria.

Some ICT products as examples:

  • network devices such as access points, firewalls, load balancers, etc.,
  • operating systems and applications such as linux, mobile applications, etc.,
  • hardware security boxes such as Points of (Payment) Interaction and Payment Terminals, digital tachographs, etc.,
  • smart cards and similar devices, such as machine-readable travel documents, identification, secure elements, javacard/multos platforms, etc.

How to obtain EUCC certification?

If you want to start an evaluation process, take into account the next items:

  1. Choose the assurance level for your product according to your product security expectations.
  2. Write your Security Target based on a protection profile (Annex II), if existing.
  3. If High assurance, consider the latest State of the art documents related to the Technical Domains documents.
  4. Prepare the technical documentation to be evaluated (Article 7).
  5. Prepare the information related to Vulnerability Monitoring and Handling process and patch management. (Article 27 and Annex IV.3).
  6. Set your procedures on Remedial actions for Non-conformities (Article 29).
  7. Engage your ITSEF and CB and start the Certification Process. Applus+ Laboratories can help you, Contact us!

Here you can find the evaluation process:

*Is Applus+ Laboratories accredited and authorized to perform EUCC evaluations?

Applus+ Laboratories is under the final step processes to become one of the first accredited and authorized EUCC ITSEF for the CSA levels of Substantial (AVA_VAN.1 and AVA_VAN.2) and High (from AVA_VAN.3 on).

Applus+ Laboratories successfully conducts evaluations for Common Criteria under current National Common Criteria schemes and SOGI-S and can provide you with the best evaluation services due to its wide and deep recognized experience in the Common Criteria field offering:

  • EAL-based Evaluations.
  • PP-based Evaluations.
  • Technical Domains (for high assurance).

Transition phase from Common Criteria scheme to EUCC certification

A transition phase has been introduced to allow EU national schemes operating current Common Criteria evaluations to complete existing or new evaluations started within the first 12 months after entry into force. These must be completed within 24 months of entry into force. Entry into force date of the EUCC Implementing act was: 27/02/2024.


Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.

Cookie settings panel