The implementing regulation covers cybersecurity certification of ICT products based on the Common Criteria standards. Today, ICT products that undergo Common Criteria certification typically include integrated circuits, smart cards and related products (cryptographic elements, microcontrollers, dedicated software), network devices and systems (routers, switches, access points) and products for digital signatures (cryptographic modules, hardware security modules, secure servers).

Draft Commission Implementing Regulation amending Implementing Regulation (EU) 2024/482 as regards applicable international standards and correcting that Implementing Regulation; (6 page(s), in English), (2 page(s), in English)

In the EU Common Criteria-based cybersecurity certification scheme (EUCC), the state-of-the-art documents contain information that is relevant for its implementation. The amending implementing regulation will introduce in the EUCC one updated and one new state-of-the-art document, respectively related to the accreditation of Information Technology Security Evaluation Facility (ITSEFs) and accreditation of certification bodies (CBs). Furthermore, the amendment includes a clarification related to the applicable version of the Common Criteria standards and it defines transition rules between the former and latest version. Lastly, the amendment also introduces some corrections in the text to clarify the interpretation of certain articles.