Public Consultation on the draft Candidate EUCC Scheme

This report presents the outcome of the public consultation on the first draft of the cybersecurity certification candidate EUCC scheme. The scheme was developed following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, by Ad Hoc Working Group (AHWG) ENISA created. The EUCC, once approved, would serve as a successor to the existing ICT products certification schemes operating under the SOG-IS MRA (Senior Officials Group Information Systems Security Mutual Recognition Agreement).


As result some major changes were implemented to the candidate EUCC Scheme, mostly related to the:

  • addition and clarification of definitions;
  • systematic cooperation with the ECCG for the development of guidance documents supporting the scheme;
  • clarification of activities related to the maintenance of certificates;
  • clarification of deadlines associated to the handling of non-conformities, non-compliances and vulnerabilities;
  • modification of the status of the new patch management process, now in annex and for trial use;
  • modification of the logo associated to the certificates, allowing to establish an additional specific logo for the scheme and to mention the evaluation level achieved in addition to the CSA level;
  • clarification of the peer assessment requirements and simplification of the associated annex;
  • update of annexes 7 and 9 based on their recent evolution within the SOG-IS, and the addition of one annex related to ST sanitization

Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies