Exploring the Feasibility of EU Cybersecurity Certification in support of New Technologies
Once more, the European Union Agency for Cybersecurity (ENISA) organises the Cybersecurity Certification Conference during the twice-yearly cybersecurity certification week, which brings together experts, private stakeholders and representatives of public authorities.
Published on May 25, 2023
The annual ENISA Cybersecurity Certification Conference 2023
The ENISA Cybersecurity Certification Conference 2023 is the public highlight of the spring certification week held in Athens on 25 May 2023. The conference tackled the impact of upcoming EU laws and frameworks on cybersecurity certification and addressed the challenge of cybersecurity certification requirements concerning new technologies.
In particular, the conference is a forum to discuss the requirements of the Cybersecurity Act, the proposed Cyber Resilience Act, the EU Digital Identity Wallet as well as preliminary observations stemming from the new ENISA feasibility study on cybersecurity certification of Artificial Intelligence (AI).
The Cybersecurity Certification Week
During the last week of May 2023, ENISA hosts the certification week, with plenary sessions of the three ad hoc certification working groups building the candidate schemes on:
- EUCC – the European Common Criteria-based European candidate cybersecurity certification scheme;
- EUCS – the European Cybersecurity Certification Scheme for Cloud Services; and,
- EU5G – concerning an EU cybersecurity certification scheme for 5G network equipment and identities.
Furthermore, experts also get together in a joint session to discuss horizontal topics that include:
- Vulnerability handling for certified solutions;
- Pen testing methodologies during evaluations;
- Certification: Market Uptakes & Building the Community;
- New developments such as feasibility studies on the EU Digital Identity Wallet and on AI.
Delegates from across the EU Member States are also meeting at the European Cybersecurity Certification Group (ECCG), and the Stakeholders Cybersecurity Certification Group (SCCG) also convenes in hybrid form.
Highlights of the Certification Conference
- Reconciling with the complex cybersecurity policy ecosystem
This year’s conference focuses on the challenges of implementing cybersecurity certification in a shifting regulatory landscape that includes NIS2 and proposals such as the AI Act and the Cyber Resilience Act, currently under legislative scrutiny.
Panels seek to assess how adequately the developed schemes meet the requirements of new and upcoming regulations, as well as whether they are fit for purpose and sufficiently address the challenges raised by new technologies or their developments.
- Cybersecurity certification for AI
As the discussion on the European approach to AI is ramping up, with the European Parliament's leading committees having just adopted their position on the proposal for an EU regulation on AI (the so-called “AI Act”), the need for cyber secure AI and the question of how it can be achieved are ever more pressing. Earlier this year, ENISA published a report on standardisation and cyber secure AI and is now continuing this work with an assessment of the feasibility of a cybersecurity certification scheme for AI.
As part of this work, the Certification Week hosts an expert panel of representatives of governments and standardisation bodies to review the challenges in implementing policies on AI, with a focus on cybersecurity and certification.
- The EU Digital Identity Wallet and the Cybersecurity Act
On the occasion of the conference, ENISA leads a panel to open discussion on the EUID Wallet in relation to the EU Cybersecurity Certification Framework.
Cybersecurity certification: the minute account
The EU cybersecurity certification framework aims to establish and maintain trust and security in Information and Communications Technology (ICT) products, ICT services and ICT processes.
Beyond the purely technical requirements certification establishes, these EU frameworks are also developed to strengthen the EU market. Certification is therefore to be seen as a tool to deal with socio-economic aspects such as users’ trust, the duty of care of a manufacturer or provider and prevention of cybersecurity failure to protect market reputation.
Certification, however, faces the challenge of addressing new technologies and usage.
Target audience of the ENISA Cybersecurity Certification Conference
- Experts from public authorities that are competent for cybersecurity certification and market across the EU Member States;
- European Institutions with a competence or an interest in cybersecurity;
- Conformity Assessment Bodies, Cybersecurity evaluators and auditors;
- Business and industry representatives;
- Researchers and the academic community.
ENISA Certification Conference
Cybersecurity of AI and standardisation – 2023 ENISA report
For press questions and interviews, please contact press (at) enisa.europa.eu