What is EU Cybersecurity Certification?
Certification is a tool that allows product vendors and service providers to demonstrate and advertise the cybersecurity of their solutions.
By developing cybersecurity certification at EU level, the goal is to harmonise the recognition of the level of cybersecurity of ICT solutions across the Union, allowing vendors and service providers to reach more customers.
EU certification schemes are developed by ENISA within the framework defined in the Cybersecurity Act and taking into account existing schemes and standards.
Voluntary with the goal to empower the EU Digital Single Market, the future schemes may also be encouraged as means to demonstrate compliance to requirements of other legislations. Such other legislation (i.e. eIDAS) may also mandate EU Cybersecurity certification.
Find Out More
With this website, ENISA aims at publishing all available information in order to support the ecosystem in understanding and adopting EU cybersecurity certification.
EU Cybersecurity Certification evolves within a broader EU regulatory context and ENISA is developing several schemes and projects in order to support this.
The Certification website is the reference to start with the process of EU cyber certification. Published Schemes such as EUCC are available on the website will all relevant documentations. Stakeholders such as Conformity Assessment Bodies willing to start with EU cybersecurity certification can find relevant information and guidelines.
Reference Legislations
Consolidated regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (Cybersecurity Act). Published on 04/02/2025..
The Union Rolling Work Programme for European cybersecurity certification identifies strategic priorities for future European cybersecurity certification schemes.
The Commission Implementing Regulation setting out the planning and implementation details of NCCAs' peer reviews
This Regulation establishes the circumstances, formats and procedures for notifications of conformity assessment bodies by national cybersecurity certification authorities (NCCAs) pursuant to the CSA.
Commission website presenting the proposal for CSA2.
This Commission Implementing Regulation lays down the rules regarding the certification of European Digital Identity Wallets.
