A new certification framework for connected devices, together with a stronger role for the EU Cybersecurity Agency, were backed by Industry Committee MEPs. 

The EU cybersecurity scheme will certify that an ICT product, process or service has no known vulnerabilities at the time of the certification’s release and that it complies with international standards and technical specifications. 

Cybersecurity certification framework 

Certification will be voluntary and, where appropriate, mandatory and will prove: 

  • confidentiality, integrity, availability and privacy of services, functions and data, 
  • that services, functions and data can be accessed and used only by authorised persons and/or authorised systems and programmes, 
  • that processes are in place to identify all known vulnerabilities and deal with any new ones, 
  • that products, processes or services are designed to be secure and that they are fitted with up-to-date software without any known vulnerabilities, 
  • that other risks linked to cyber incidents, such as risks to life or health, are minimised.