The EU Agency for cybersecurity (ENISA) develops draft certification schemes, upon request of the European Commission or the EU Member States. To do so, the Agency is supported by a group of experts ('Ad-Hoc Working Group') and collaborates closely with the European Commission, EU countries, and relevant stakeholders.
Involving the ecosystem
In order to build Cybersecurity Certification Schemes, ENISA relies on the ecosystem such as the Ad Hoc Working Groups (AHWGs) but also on expertise, comments and consultative views provided by the ecosystem. The Cybersecurity Act defined the main entities to support ENISA in its task.
To be effective, a draft scheme has to become a piece of EU legislation called an 'Implementing Act' [Link].
This Act has to be endorsed by all Member States. Once this Act is adopted, Member States have time to prepare the operation of the scheme before issuing certificates.
There are many opportunities to get involved early, in particular during the development of the schemes by applying to be part of Ad Hoc Working Groups or by reading and reacting to the drafts published by ENISA. Contribution to standardisation efforts is also key. Take part to the discussion and exchange with the community at the next Cybersecurity Certification Conference!
#EUCyberCertification
When schemes are enacted, further opportunities will emerge, and it will be the right time for CABs to prepare for accreditation and for everyone to prepare for certification!
Follow ENISA news and events to stay updated.