As a reminder, European Parliament and Council negotiators agreed on the European Cybersecurity Act on 10 December 2018.

While waiting for the European Parliament and Council to formally adopt the regulation, substantive preparations are taking place for the new cybersecurity certification framework.

The future cybersecurity certificates will be recognised throughout the EU, and the certification schemes will replace national cybersecurity certification requirements. 

What’s your place in all this?

 As you will see in Cullen International’s new infographic, industry stakeholders and EU member states can get involved at various stages in the planning and creation of EU certification schemes. However, the process is driven by the European Commission and implemented by the EU Cybersecurity Agency (ENISA).

But what’s covered by the framework?

The framework is for the creation of EU cybersecurity certification schemes for specific ICT products, services and processes, but our infographic takes you all the way from the general work programme to when certificates are issued under a scheme.

Manufacturers and service providers can decide whether or not to get certified (or make a self-assessment in certain cases), unless certification is required by national or EU laws.

Our certification framework infographic makes the path to certification simple.

To get a free download of Cullen International’s infographic, please just "Request Access" below.

If you are interested in more cybersecurity regulatory analysis, please contact us.

We will update the infographic if there are any changes to the Cybersecurity Act before it is formally adopted (expected spring 2019).