Digital Policy Alert logo

European Union: European Commission opened consultation on implementing regulation amending European Common Criteria based cybersecurity certification scheme

Policy overview

Description

European Commission opened consultation on implementing regulation amending European Common Criteria based cybersecurity certification scheme

On 1 August 2025, the European Commission opened a consultation on the implementing regulation amending implementing regulation (EU) 2024/482 on the application of Regulation (EU) 2019/881 on the European Common Criteria-based cybersecurity certification scheme (EUCC), until 29 August 2025. The regulation aims to clarify and expand rules for cybersecurity certification of Information and Communication Technology (ICT) products. The regulation applies to ICT manufacturers seeking certification under the European Common Criteria-based scheme (EUCC) and introduces definitions for “product series”, “minor change”, and “major change”. The regulation seeks to enable certification bodies to assess product variations more effectively. It imposes new obligations, including requiring applicants to provide English versions of security targets, clarifying certificate identification rules, and updating state-of-the-art evaluation documents and protection profiles.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
software provider: other software
Implementation Level
supranational
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2025-08-01
in consultation

On 1 August 2025, the European Commission opened a consultation on the implementing regulation amen…

2025-08-29
processing consultation

On 29 August 2025, the European Commission closes the consultation on the implementing regulation a…