In June 2019, the European Cybersecurity Act was instituted, introducing the first-ever EU-wide rules on the cybersecurity certification of products, processes, and services. This serves to strengthen the role of the EU Agency for Cybersecurity (ENISA).
“The European cybersecurity certification framework establishes tailored and risk-based EU certification schemes, aiming to increase the cybersecurity of online services and consumer devices. Such European cybersecurity certification scheme comprises a comprehensive set of EU-wide rules, technical requirements, standards and procedures serving to evaluate a specific product, service or process on the basis of its cybersecurity properties. Each certificate will carry one of three assurance levels, and will be recognized EU-wide.
The harmonized rules are expected to facilitate cross-border trade of relevant products and services, reduce market-entry barriers, and simplify the process of cybersecurity certification.
ENISA has received a permanent mandate with additional responsibilities and resources to better help Member States in addressing cybersecurity threats and incidents. This includes support to policy implementation, standardization, certification, crisis management and coordinated vulnerability disclosure. ENISA's mandate has been applicable since 27 June 2019. The Commission is currently preparing the requests for ENISA to design certification schemes and to establish two expert groups:
the European Cybersecurity Certification Group, consisting of Member States representatives; and
the Stakeholder Cybersecurity Certification Group, mandated to advise ENISA and the Commission.
I.a. on the basis of a public consultation, the Commission will identify strategic priorities for certification and a list of ICT products, services and processes to be included in the scheme.”
See further information here...