EU Cyber Security Act—what is that and what rules apply?

02 February 2023, 14:01

ENISA, the EU's cybersecurity agency, has been given an extended mandate by the EU to be responsible for cybersecurity in the EU. The aim is to contribute to a uniform level and standard of security across the EU and to create a European certification framework for ICT products, services and processes called the Cyber Security Act. RISE already offers accredited certification services in several different fields.
RISE is currently investigating the possibility of extending its certification services to also include the upcoming EU certification schemes.

Certification plays an important role in creating trust and security for products and services in the digital world. Today, several different security certification schemes exist in the EU for digital services and products. But without a common EU framework, there is a risk of creating trade barriers between EU Member States. 

ENISA will therefore create various cyber security certification schemes in the form of technical requirements, standards, and methodologies to be applied across the EU.  

Conformity assessment bodies then have an opportunity to offer certifications that confirm that a product, process, or service has been certified in different areas and at different levels, in accordance with a cybersecurity scheme.

Currently, three cybersecurity schemes are under development by ENISA:

  • Common criteria that cover ICT products  

  • Cloud services  

  • 5G network 

Each European cybersecurity scheme shall specify:

  • The category or service covered 

  • The cybersecurity requirements such as standards or technical requirements

  • Evaluation methods such as self-certification or third party

  • The current level of security

There are three levels of security that are designed to help users know what level of security a product can have. These three levels are basic, substantial, and high.

These security levels correspond to the level of risk associated with the intended use of a product, service, or process, in terms of the likelihood and impact of an attack. Assurance level high means that a product has passed the highest security tests.

The certification will make it easier for companies to do business across borders and for customers to assess a product's security capabilities. 

Cybersecurity certification will be partly voluntary, based on level of assurance, and manufacturers and suppliers can therefore choose to certify their products and services and then select the appropriate security level. A certificate can be applied for at an accredited conformity assessment body. 

It is expected that after a transitional period, existing national cybersecurity rules will be abandoned in favor of the EU certificate.  

For more information, please contact:

Ted Strandberg

Project Manager

+46 10 516 60 93
