The European Union Agency for Cybersecurity welcomes the European Commission request for a candidate cybersecurity certification scheme on 5G networks.
Following a request by the European Commission, ENISA will proceed with the preparation of the new candidate cybersecurity certification scheme on 5G. This step follows on from the EU toolbox for 5G security and it is expected to further enhance the cybersecurity of 5G networks as it contributes to addressing certain risks, as part of a broader risk mitigation strategy.
To this effect, a cybersecurity certification scheme on 5G will be based on provisions already available by means of existing cybersecurity certification schemes as well as experience already acquired since the Agency started engaging in cybersecurity certification.
European Commissioner for the Internal Market, Thierry Breton, stated that: “Security is at the core of 5G technology roll-out. EU-wide certification, in combination with other types of measures in the EU 5G Toolbox, supports our efforts to optimise 5G security and patch technical vulnerabilities. This is why it is important that Member States make further progress in implementing the Toolbox”.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, said: “The certification of 5G networks emerges as the logical next step in the EU Cybersecurity Strategy for the Digital Decade. The new initiative builds on the actions already engaged in to mitigate the cybersecurity risks of the 5G technology”.
This request meets the requirements of the Cybersecurity Act, which allows the European Commission to issue a request for a cybersecurity certification scheme to ENISA outside the scope of the Union Rolling Work Programme, if duly justified.
ENISA is looking forward to contributing and supporting the Commission in the development and realisation of a cybersecurity certification scheme for 5G and will cooperate with and take due account of the inputs of relevant stakeholders. The European Cybersecurity Certification Group (ECCG), the NIS Cooperation Group Work Stream and its subgroup on 5G standardisation and certification will be informed of the planning and progress continuously and will be given many opportunities to participate. Experts in 5G will be invited to be involved via the ad hoc working group work that ENISA will establish for the scheme development. The call will be published on ENISA’s website.
Background
Adopted in 2019, the Cybersecurity Act established the European Cybersecurity Certification Framework that allows creating market-driven EU certification schemes and helps reduce fragmentation between existing cyber certification schemes. This framework will deliver certification schemes recognised in all Member States, making it easier for businesses to trade across borders and for users to understand the security features of the product or service. More information on the EU's actions to strengthen cybersecurity capacities, including for 5G networks, are available in this brochure.
Further Information
ENISA website - Certification Topic
Cybersecurity Standardisation Conference
EU Cybersecurity Strategy for the Digital Decade
Contacts
For questions related to the press and interviews, please contact press (at) enisa.europa.eu