EU gets its first cybersecurity certification scheme for safer tech

31 Jan 2024

Image: © mirsad/Stock.adobe.com

Thierry Breton said the new framework will ensure that ICT products used in ‘sensitive’ environments, such as routers and ID cards, are safe to use.

The European Commission has adopted the first-ever cybersecurity certification scheme in the bloc to comply with the EU Cybersecurity Act.

Announced today (31 January), the scheme will establish a standard set of rules and procedures on how to certify information and communication technology (ICT) products in their life cycle, making them more trustworthy to European users.

The commission said that the latest certification provides a “formal recognition” that ICT products can be trusted to protect both the hardware and software that citizens are using daily.

“In a highly dynamic cybersecurity threat landscape, we are making strides to raise our collective cyber resilience,” said internal market commissioner Thierry Breton.

According to Breton, the new framework will ensure that ICT products used in “sensitive” environments, such as routers and ID cards, are cybersecure.

“We want our citizens, businesses and the public sector to be able to trust the products they rely upon for securing their networks and for providing sensitive public services.”

A voluntary scheme, the certification framework will be published in the official EU journal “shortly”,  and it will enter into force 20 days after publication.

“Together with the publication of the certification scheme in the Official Journal, the commission will also publish the first Union Rolling Work Programme for European cybersecurity certification,” the commission wrote in a statement.

“This document sets out a strategic vision and reflections on possible areas for future European cybersecurity certification schemes considering recent legislative and market developments.”

Last month, the commission reached an agreement on the terms of the Cyber Resilience Act, a piece of legislation it first proposed in September 2022.

The Cyber Resilience Act was tipped as a way for the EU to make companies that manufacture internet-enabled devices for sale responsible for cybersecurity throughout the entire product life cycle. Manufacturers will have to provide consumers with security updates at regular intervals.

The legislation also aims to ensure that consumers are fully aware of their rights around the security of the devices that they purchase. All products on the market in the EU will need to comply with the commission’s cybersecurity standards. Devices from baby monitors to fridges will soon bear a special CE marking that signifies they are compliant with the regulation.

“Consumers need to feel safe with the products available on the EU market,” said Věra Jourová, vice-president for values and transparency, said at the time.

“The Cyber Resilience Act agreed today will ensure the digital products we use at home and at work comply with strong cybersecurity standards. Those that place these products on the market must be held responsible for their safety.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com