Exploring the Feasibility of EU Cybersecurity Certification in support of New Technologies

Once more, the European Union Agency for Cybersecurity (ENISA) organises the Cybersecurity Certification Conference during the twice-yearly cybersecurity certification week, which brings together experts, private stakeholders and representatives of public authorities.

The annual ENISA Cybersecurity Certification Conference 2023

The ENISA Cybersecurity Certification Conference 2023 is the public highlight of the spring certification week held in Athens on 25 May 2023. The conference tackled the impact of upcoming EU laws and frameworks on cybersecurity certification and addressed the challenge of cybersecurity certification requirements concerning new technologies.

In particular, the conference is a forum to discuss the requirements of the Cybersecurity Act, the proposed Cyber Resilience Act, the EU Digital Identity Wallet as well as preliminary observations stemming from the new ENISA feasibility study on cybersecurity certification of Artificial Intelligence (AI).

The Cybersecurity Certification Week

During the last week of May 2023, ENISA hosts the certification week, with plenary sessions of the three ad hoc certification working groups building the candidate schemes on:

  • EUCC – the European Common Criteria-based European candidate cybersecurity certification scheme;
  • EUCS – the European Cybersecurity Certification Scheme for Cloud Services; and,
  • EU5G – concerning an EU cybersecurity certification scheme for 5G network equipment and identities.

Furthermore, experts also get together in a joint session to discuss horizontal topics that include:

  • Vulnerability handling for certified solutions;
  • Pen testing methodologies during evaluations;
  • Certification: Market Uptakes & Building the Community;
  • New developments such as feasibility studies on the EU Digital Identity Wallet and on AI.

Delegates from across the EU Member States are also meeting at the European Cybersecurity Certification Group (ECCG), and the Stakeholders Cybersecurity Certification Group (SCCG) also convenes in hybrid form.

Highlights of the Certification Conference

  • Reconciling with the complex cybersecurity policy ecosystem

This year’s conference focuses on the challenges related to the implementation of cybersecurity certification in a shifting regulatory landscape that includes NIS2 and proposals currently under legislative scrutiny, including the AI Act and the Cyber Resilience Act.

Panels seek to assess whether the developed schemes adequately meet the requirements of new and upcoming regulations, whether they are fit for purpose, and whether they sufficiently address the challenges raised by new technologies or their developments.

  • Cybersecurity certification for AI

As the discussion on the European approach to AI is ramping up, with the European Parliament's leading committees having just adopted their position on the proposal for an EU regulation on AI (the so-called “AI Act”), the need for cyber secure AI and the question of how it can be achieved are ever more pressing. Earlier this year ENISA published a report on standardisation and cyber secure AI and is now continuing this work with an assessment of the feasibility of a cybersecurity certification scheme for AI.

As part of this work, the Certification Week hosts an expert panel of representatives of governments and standardisation bodies to review the challenges in implementing policies on AI, with a focus on cybersecurity and certification.

On the occasion of the conference, ENISA leads a panel to discuss the EUID Wallet in relation to the EU Cybersecurity Certification Framework.

Cybersecurity certification: the minute account

The EU cybersecurity certification framework aims to establish and maintain trust and security in Information and Communications Technology (ICT) products, ICT services and ICT processes.

Beyond the purely technical requirements certification establishes, these EU frameworks are also developed to strengthen the EU market. Certification is therefore to be seen as a tool to deal with socio-economic aspects such as users’ trust, the duty of care of a manufacturer or provider and prevention of cybersecurity failure to protect market reputation.

Certification, however, faces the challenge of addressing new technologies and usage.

Target audience of the ENISA Cybersecurity Certification Conference

  • Experts from public authorities that are competent for cybersecurity certification and market across the EU Member States;
  • European Institutions with a competence or an interest in cybersecurity;
  • Conformity Assessment Bodies, Cybersecurity evaluators and auditors;
  • Business and industry representatives;
  • Researchers and the academic community.

Further Information

ENISA Certification Conference

ENISA Certification mini-site

ENISA Topic on Certification

Cybersecurity of AI and standardisation – 2023 ENISA report

Cyber Resilience Act Proposal

AI Act Proposal

Cybersecurity Act

Contact

For press questions and interviews, please contact press (at) enisa.europa.eu