European Cybersecurity Certification: Celebrating achievements and exploring future horizons

The Cybersecurity Certification Conference took place at Copernicus Science Centre in Warsaw, under the auspices of the Polish Presidency of the Council of the EU and with the support of NASK and the European Commission. The event aimed to bring together stakeholders in the cybersecurity certification ecosystem to reflect on the milestones that have shaped the certification path so far and to look ahead at future developments and opportunities.

EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, highlighted: “Recent developments in the EU cybersecurity regulatory framework underline that the EU is prioritising the security of products and services. Certification is playing a central role in building a trusted digital internal market, extending far beyond the work of ENISA. The EU Cybersecurity Certification scheme on Common Criteria, EUCC is an achievement and we are proud of the collaborative efforts that will make its use widespread.”

NASK Director of Certification, Paweł Kostkiewicz, stated: "We are currently working on a new law—the National Cybersecurity Certification System—which we anticipate finalizing by autumn this year. This legislation will closely interact with our existing national cybersecurity framework, creating a robust and comprehensive system. The interplay between these two regulations highlights that cybersecurity certification is not just complementary but fundamental to our national and European digital security strategy. This law represents our commitment to building trust, enhancing capabilities, and ensuring that cybersecurity certification becomes a cornerstone of secure digital infrastructure across Europe.  At the end, I just want to leave you with one key message: Let’s build Europe secure by design, together."  

This year marks both the anniversary of the entry into force of the EUCC, the very first European cybersecurity scheme adopted and the celebration of the first EUCC accredited Conformity Assessment Bodies (CABs). This significant landmark in the certification field is paving the way for certified products soon.

On the occasion of the Cybersecurity Certification conference, the efforts and progress made by EU Member States and their supporting ecosystem of CABs in the certification journey were acknowledged and celebrated. Under the Cybersecurity Act that outlines ENISA’s mandate as well as the European Cybersecurity Certification Framework, EU Member States were tasked to designate their National Cybersecurity Certification Authorities (NCCAs)and to notify the Commission of Conformity Assessment Bodies (CABs) for each scheme, namely for the EUCC. First Conformity Assessment Bodies (CABs) that will be performing evaluations and certifications for the issuance of EUCC certificates, and emitting EUCC certificates, have been accredited, therefore paving the way towards delivery of the first EUCC certificates.  

The award-wining list includes the following:

France:

• SERMA Safety and Security

Germany

• Atsec information security GmbH
• Bundesamt für Sicherheit in der Informationstechnik  
• Deutsche Telekom Security GmbH
• Secuvera GmbH
• SRC Security Research & Consulting GmbH
• TÜV Informationstechnik GmbH

Spain

• Applus+ Laboratories  
• DEKRA

Sweden

• Atsec information security AB

Among the topics addressed in the panels moderated by ENISA, highlights were on:

• how certification can support both cyber risks and EU cybersecurity legislation;
• the need to ensure smooth transition towards the new schemes adopted;
• the necessary commitment of all stakeholders to ensure the success of schemes and their positive impact for the market, both at EU and international level. 

• 2025 European Cybersecurity Certification Conference | ENISA
• Homepage - EU Cybersecurity Certification
• Product Security and Certification | ENISA
• Certification and Standards | ENISA