The Implementing Regulation (EU) 2024/482, laying down rules for the application of Regulation (EU) 2019/881 as regards the adoption of the European Common Criteria-based cybersecurity certification scheme (EUCC), was published two years ago. Several National Accreditation Bodies (NABs) accredit Conformity Assessment Bodies (CABs) under this legislation, and these CABs are listed in the NANDO (New Approach Notified and Designated Organisations) database.
The EUCC scheme allows ICT (Information and communication technology) suppliers who wish to showcase proof of assurance to go through an EU commonly understood assessment process to certify ICT products such as technological components (chips, smartcards), hardware, and software.
The accreditation of CABs (CBs and ITSEFs – Information Technology Security Evaluation Facility) shall be based on the applicable accreditation standards (EN ISO/IEC 17065 and EN ISO/IEC 17025), the IR 2024/482, and the State-of-the-Art (SotA) documents.
After two years, several issues have been identified that require discussion and further harmonisation among NABs when accrediting CABs for the EUCC scheme, especially regarding the accreditation of ITSEFs and the related scope for accreditation.
Furthermore, ENISA is working on an update of the accreditation requirements (SotA documents).
Therefore, EA is organising with ENISA a workshop on the implementation of the Implementing Regulation (EU) 2024/482, aiming at enhancing harmonisation among NABs.
The online workshop will take place on 28 April 2026 from 09:30 – 12:30 (CEST) and is open only to EA Members/NABs.
EA is organising a workshop with the European Commission for National Accreditation Bodies in which the European Commission will provide an update on the implementation of the EU Methane Regulation
EA published the EA MLA Report 2025.
