Search
Search
Menu
Close
Close
Europe
Photo: Pixaby

EU Cyber Security Act—what is that and what rules apply?

02 February 2023, 14:01

ENISA, the EU's cybersecurity agency, has been given an extended mandate by the EU to be responsible for cybersecurity in the EU. The aim is to contribute to a uniform level and standard of security across the EU and to create a European certification framework for ICT products, services and processes called the Cyber Security Act. RISE is already today offering accredited certification services within several different fields.  
RISE is currently investigating the possibility of extending our certification services to also include the new upcoming EU certification schemes.   

Certification plays an important role in creating trust and security for products and services in the digital world. Today, several different security certification schemes exist in the EU for digital services and products. But without a common EU framework, there is a risk of creating trade barriers between EU Member States. 

ENISA will therefore create various cyber security certification schemes in the form of technical requirements, standards, and methodologies to be applied across the EU.  

Different conformity assessment bodies then have an opportunity to offer certifications that confirms that a product, process, or service has been certified in in different areas and levels, in accordance with a cybersecurity scheme.  

Currently, three cybersecurity schemes are under development by ENISA, these are:  

  • Common criteria that cover ICT products  

  • Cloud services  

  • 5G network 

Each European cybersecurity scheme shall specifically specify: 

  • The category or service covered 

  • The cybersecurity requirements such as standards or technical requirements

  • Evaluation methods such as self-certification or third party

  • The current level of security

There are three levels of security that are designed to help users know what level of security a product can have. These three levels are basic, substantial, and high

These security levels correspond to the level of risk associated with the intended use of a product, service, or process, in terms of the likelihood and impact of an attack. Assurance level high, means that a product has passed the highest security tests. 

The certification will make it easier for companies to do business across borders and for customers to assess a product's security capabilities. 

Cybersecurity certification will be partly voluntary, based on level of assurance, and manufacturers and suppliers can therefore choose to certify their products and services and then select the appropriate security level. A certificate can be applied for at an accredited conformity assessment body. 

RISE is already today offering accredited certification services within several different fields.  
RISE is currently investigating the possibility of extending our certification services to also include the new upcoming EU certification schemes.   

It is expected that after a transitional period, existing national cybersecurity rules will be abandoned in favor of the EU certificate.  

For more information, please contact:

Ted Strandberg

Ted Strandberg

Projektledare

+46 10 516 60 93

Read more about Ted

Contact Ted
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

* Mandatory By submitting the form, RISE will process your personal data.

2024-11-18

Digital privacy for future digital systems

2024-10-21

6G and satellites - the next era of global communications

2024-10-01

IoT security standardization contributes to a safer digital future

2024-08-05

Fall cybersecurity courses at RISE 2024

2024-06-27

IoT and security - a deep dive into the future of technology

2024-06-10

RISE approved to certify radio equipment

2024-05-13

Cybernode to grow by 100% to benefit cyber security

2024-04-15

How to prepare for the EU Cybersecurity Directive NIS2

2024-03-13

Federated learning in cyber security - protecting privacy

2024-01-08

RISE's spring cybersecurity training programmes are now available.

2024-01-08

Human-centred cybersecurity - essential for appropriate cybersecurity measures

2023-11-28

Report from RISE: AI brings opportunities and risks in cybersecurity

2023-11-20

Power tank used in research project on cyber security in the electricity grid

2023-10-23

New EU cybersecurity requirements affect manufacturers

2023-10-10

Facilitating cybersecurity certification in the EU

2023-09-12

Good news for RISE and Cybersecurity in Sweden – Cybercampus supported by the government

2023-08-22

Autumn cybersecurity courses at RISE

2023-07-05

Development of safety-critical systems

2023-06-11

Cybersecurity important in Digital Infrastructure for Renewable Energy - RISE participates in discussions

2023-06-05

RISE participates in research project on psychological defence

2023-06-01

Cybersecurity as a competitive advantage - what does RISE contribute?

2023-04-25

RISE Centre for Cybersecurity has opened its spring cybersecurity courses

2023-04-04

Proposed actions to avoid cyber threats to the Energy system-a report

2023-03-27

Internet of Things in an unsecure time - a report for leaders and decision makers

2023-02-20

The new cyber landscape in vehicles requires increased awareness and expertise

2023-02-08

The Regulation of Machinery Products increases focus on cybersecurity 

2023-02-03

New communication channel for cybersecurity

2023-02-02

EU Cyber Security Act—what is that and what rules apply?

2023-02-02

Collaboration is the key for increasing Cybersecurity

2023-01-26

Are you ready for the next move in Cybersecurity?