With an EU-wide cybersecurity certificate, the manufacturer/provider of the product, service or process can prove that the object of the certification meets the cybersecurity requirements specified in the applicable certification scheme. Certification can be used to increase the customer’s trust in the product or the service or process offered or promote entry to the market, or the certificate can act as a competitive advantage.
A cybersecurity certificate can also be used to demonstrate compliance with the requirements of other legislation, if permitted by the legislation in question. In that case, more detailed terms and definitions for the demonstration of compliance with a cybersecurity certificate can be found in the legislation in question.
Obtaining a certificate is voluntary in principle, unless it has been made mandatory for certain products/services/processes with national or EU legislation.
Certification is always carried out by an accredited conformity assessment body. On its website, ENISA maintains a list of the accredited and authorised conformity assessment bodies. We will update the link to the list after ENISA has published the first notified conformity assessment bodies on its website.
Contact an assessment body listed on ENISA’s website that offers a cybersecurity certification compliant with the desired certification scheme and ask for more information about the certification process.
Read more about the EU Cybersecurity Act and certificates or cybersecurity certification schemes .