Cybersecurity – Part 2: Certification (Regulation)
cepPolicyBrief

Information Technology

Cybersecurity – Part 2: Certification (Regulation)

Philipp Eckhardt
Philipp Eckhardt
Dr. Anja Hoffmann, LL.M. Eur.
Dr. Anja Hoffmann, LL.M. Eur.

The EU Commission wants to set up a European cybersecurity certification scheme (ECCS) in order to increase confidence in products and services in the information and communication technology (ICT) sector. In the light of increasing cybersecurity risks and attacks, it has therefore submitted the proposal for a Regulation.

cepPolicyBrief

Status

cep recognises that EU-wide rules on cybersecurity certification could certainly stimulate the market for cybersecure ICT products and services. It is questionable, however, whether the EU Commission and the cybersecurity agency ENISA have the know-how to determine which ICT products and -services sensibly require an ECCS. Member States should also be compulsorily involved in the preparation of ECCS. In cep’s view, the EU legislator is not permitted to adopt any cybersecurity rules relating to the national security of Member States.

Download PDF

cepAnalyse (publ. 06.12.2018) PDF 325 KB Download
Cybersecurity – Part 2: Certification COM(2017) 477
Proposal for a Regulation COM(2017) 477 (publ. 10.04.2017)