Celebrating the First EUCC Accredited Conformity Assessment Bodies

Right after the first anniversary of EUCC and its entry into force allowing certificates to be issued, the European Agency for Cybersecurity is pleased to celebrate the first Certification Bodies (CBs) and testing laboratories (ITSEFs) to provide evaluation and certification activities for the certification scheme.

Held during the latest European Cybersecurity Certification Conference, the ceremony is a chance to showcase EUCC's early adopters' efforts to step into the first EU Cybersecurity certification scheme.

ENISA invited successful entities to step on the stage and share their experience of becoming accredited - and where necessary authorised- CABs.

Accreditation is necessary for CABs willing to assess and deliver certificates at a substantial level software, components, or hardware against EUCC. Those willing to provide certificates at a high level need an additional step by the National Cybersecurity Certification Authority. 

The list of accredited and authorised conformity assessment bodies (CABs), as notified by the NCCAs to the European Commission, will be available in the NANDO platform.

The EU Cybersecurity Certification Community is now waiting for the first EUCC certificates.

The award-wining list includes the following:

France:

• SERMA Safety and Security

Germany

• Atsec information security GmbH
• Bundesamt für Sicherheit in der Informationstechnik  
• Deutsche Telekom Security GmbH
• Secuvera GmbH
• SRC Security Research & Consulting GmbH
• TÜV Informationstechnik GmbH

Spain

• Applus+ Laboratories  
• DEKRA

Sweden

• Atsec information security AB

Some quotes from the first accredited CABs:

Rasma Araby, CEO of atsec AB Sweden, stated:

We are thrilled to announce a significant milestone in atsec Information Security’s journey—our official recognition as a Conformity Assessment Body (CAB) under the EUCC framework. Having long operated as an IT Security Evaluation Facility (ITSEF), we have built a strong reputation for our expertise in assessing IT products. Now, as a CAB, atsec elevates its role by offering a seamless, end-to-end pathway for IT product developers—from rigorous evaluation to official certification.

Secuvera ITSEF wished:

ENISA all the best for the conference and for the start of EUCC certifications. We are looking forward to offer the global market CC certifications recognized in the whole EU.

John BILLOW, Head of Department Cybersecurity and certification from National Cybersecurity Certification Authority – Sweden 

We are happy that Sweden has among the EU’s first certification bodies and evaluation facilities for EUCC. The Swedish market now has local access to these certification services. This lowers the threshold for Swedish companies to access the entire EU’s internal market in the area of cybersecurity certification. A key to success in being able to have assessment bodies established in Sweden has been the close cooperation with the national accreditation body as well as other national and international authorities and the exchange of best practice and information within the EU’s different expert and cooperation groups.