Cybersecurity – Part 2: Certification (Regulation)
The EU Commission wants to set up a European cybersecurity certification scheme (ECCS) in order to increase confidence in products and services in the information and communication technology (ICT) sector. In the light of increasing cybersecurity risks and attacks, it has therefore submitted the proposal for a Regulation.
cep recognises that EU-wide rules on cybersecurity certification could certainly stimulate the market for cybersecure ICT products and services. It is questionable, however, whether the EU Commission and the cybersecurity agency ENISA have the know-how to determine which ICT products and -services sensibly require an ECCS. Member States should also be compulsorily involved in the preparation of ECCS. In cep’s view, the EU legislator is not permitted to adopt any cybersecurity rules relating to the national security of Member States.