EU is slowly concretizing cybersecurity standards

On June 27, 2019, the Cybersecurity Act came into force, with the aim of creating uniform standards for cybersecurity in Europe. At the eponymous EU Cybersecurity Act conference in Brussels, experts focused on the current state of implementation of the regulation. One focus of the program covered the certification requirements for products on the Internet of Things.

The European Cybersecurity Regulation has set the European Commission and the Member States the task of standardizing standards and certification requirements in the area of ​​ICT security (information and communication technology) and reducing the number of different regulations in the Member States and the sectors. These include security requirements for cloud infrastructures, the Internet of Things, and artificial intelligence applications. The introduction of EU-wide standards and certifications should create confidence in secure infrastructures.

The prescribed way to implement the regulation is long. Firstly, Member States and the Commission must agree on an implementation plan: which forms of certification for sectors and application areas should be implemented and with what priority? For this, the European actors have a deadline of June 2020 Cybersecurity Agency ENISA charged with creating certification schemes. At the end, the Commission adopts the proposals drawn up by ENISA, which will thus become effective for the Member States. If all prescribed methods are adhered to, the first certification standards will be adopted at the earliest beginning of 2021.

The path described by the European institutions can be shortened by a direct mandate to ENISA, both at the initiative of the Member States and the Commission. Thus, the process can be accelerated if necessary. The fact that such a way is chosen in urgent cases is quite conceivable with the current cybersecurity focal points.

For the area of ​​certifications in the Internet of Things, there is currently no known timetable. However, such is likely to be available to the Commission in the spring of 2020. Increasing the cybersecurity of products in the Internet of Things is a key issue in the Internet EU Cybersecurity Certification Framework is named. One wants to reach this goal with a voluntary seal of approval for products, which gives information about their security status. This is precisely what has led to criticism in the past, as many experts classify such a solution as inadequate.

However, this voluntary nature can be exacerbated by other rules, such as European consumer protection. It is also envisaged that regulations such as these can be revised from 2023 onwards. The change from a voluntary seal of quality to a binding security seal for the Internet of Things is therefore possible.
(Mirko Ross) /


Cybersecurity Act (t) EU (t) EU Cybersecurity Act (t) Seal of Goodness (t) Internet of Things (t) Standards (t) Certificates