The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and EU citizens. The organisation carried out a study to identify and analyse the current landscape of ICT security certification laboratories in EU Member States, comparing them also with third countries practices. The study noted that certification plays an important role in raising the level of trust and security in ICT products and services. This is also valid for new systems that make extensive use of digital technologies and which require a high level of security. National initiatives have been emerging to set high-level cybersecurity requirements for ICT components on traditional infrastructure, including certification requirements. Important as they may be, they may nurture risks such as market fragmentation and challenges to interoperability.
The findings of this study will constitute the basis for the Agency’s proposal towards an EU wide ICT products and services certification framework to ensure greater harmonisation to strengthening the European digital economy.
A copy of the report is available on the ENISA website.