The European Common Criteria-based cybersecurity certification scheme (EUCC) is established under the European Commission's Implementing Act Regulation (EU) 2024/482, related to Regulation (EU) 2019/881, commonly known as the Cybersecurity Act (CSA).
The EUCC is the first scheme created under the CSA requirements. Other schemes are still being put together, in particular the EU5G and the EUCS, with more to come.
The EUCC scheme is designed to set the rules and obligations, as well as the structure, for certifying information and communication technology (ICT) products. The scheme leverages established international standards, notably the Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) and the Common Evaluation Methodology (ISO/IEC 18045), and mandates third-party conformity assessments by accredited ITSEFs.
Certificates will be valid for a maximum of five years unless this period is extended with the authorisation of an NCCA (National Cybersecurity Certification Authority).
The EUCC uses the Common Criteria's vulnerability assessment family (AVA_VAN), components 1 to 5. The component used indicates the CSA assurance level, Substantial or High, as follows:
Along with the changes introduced by the EUCC, there are some significant aspects that need to be considered beyond the existing practices of current National Common Criteria schemes:
Therefore, any evaluation in the EUCC scheme shall be based on the use of ALC_FLR. Market surveillance and active monitoring will be in place to detect products on the market with any vulnerability that may affect the certificate status.
The EUCC scheme and the Cyber Resilience Act (CRA) work in tandem to present compliance; however, achieving complete adherence to the CRA requires further actions in EUCC. Applus+ Laboratories helps ENISA to identify and analyze the gap between the two regulations and the EUCC workarounds to comply with CRA.