Public Consultation on the draft Candidate EUCC Scheme

This report presents the outcome of the public consultation on the first draft of the cybersecurity certification candidate EUCC scheme. The scheme was developed following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, by Ad Hoc Working Group (AHWG) ENISA created. The EUCC, once approved, would serve as a successor to the existing ICT products certification schemes operating under the SOG-IS MRA (Senior Officials Group Information Systems Security Mutual Recognition Agreement).


As result some major changes were implemented to the candidate EUCC Scheme, mostly related to the:

  • addition and clarification of definitions;
  • systematic cooperation with the ECCG for the development of guidance documents supporting the scheme;
  • clarification of activities related to the maintenance of certificates;
  • clarification of deadlines associated to the handling of non-conformities, non-compliances and vulnerabilities;
  • modification of the status of the new patch management process, now in annex and for trial use;
  • modification of the logo associated to the certificates, allowing to establish an additional specific logo for the scheme and to mention the evaluation level achieved in addition to the CSA level;
  • clarification of the peer assessment requirements and simplification of the associated annex;
  • update of annexes 7 and 9 based on their recent evolution within the SOG-IS, and the addition of one annex related to ST sanitization

Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information