European Cybersecurity Certification (EUCC)
Certification of ICT products according to the “European Common Criteria-based cybersecurity certification scheme” (EUCC), as established in Commission Implementing Regulation (EU) 2024/482. The scheme is based on the Cybersecurity Act (Regulation (EU) 2019/881) and was published in the Official Journal of the European Union on February 7, 2024.
Certification of ICT Products According to EUCC
Following a successful Common Criteria evaluation by an accredited ITSEF, the certification body certifies the ICT product against the requirements of the EUCC certification scheme for the “substantial” level. For this purpose, the certification body works together with ITSEFs accredited according to EUCC. These ITSEFs are listed under “Cooperation with ITSEFs”.
In detail …
To strengthen trust in the European digital market, the Cybersecurity Act (Regulation (EU) 2019/881) requires a Europe-wide uniform certificate for cybersecurity quality.
With the entry into force of the new European Common Criteria-based Cybersecurity Certification Scheme (EUCC), the EU establishes a framework for uniform, trustworthy certification of ICT products. In accordance with the requirements of the Cybersecurity Act and its Implementing Regulation (EU) 2024/482, a uniform set of rules valid throughout Europe enters into force in place of national procedures, prescribing clear requirements and testing procedures for manufacturers and service providers. EUCC is structured into three assurance levels (basic, substantial, and high), each adapted to the technical complexity and security risk.
Certification According to EUCC Standard (substantial)
EUCC certification is based on the international standards ISO/IEC 15408 (Common Criteria) and ISO/IEC 18045 (Methodology), which define clear security objectives and protection profiles for each product category. In the EUCC system, substantial corresponds to a comprehensive vulnerability assessment (AVA_VAN Level 2) with the requirements defined in the protection profiles. Your technical documentation and risk concept are examined as well as their practical implementation. This ensures that your products are certified and secured not only nationally, but throughout Europe.
SRC Zert GmbH & Co. KG as Certification Body / Notified Certification Body (CB)
SRC Zert GmbH & Co. KG has been accredited by the German Accreditation Body (DAkkS) and has received authorization from the BSI (in its role as NCCA) as an EUCC certification body for the “substantial” level. The certification body has been notified to the EU Commission. The EUCC certification body of SRC Zert is authorized to certify your ICT products according to the EUCC certification scheme up to the substantial assurance level.
Cooperation with ITSEFs
- SRC Security Research & Consulting GmbH
- SGS Brightsight (Graz)
- Secuvera
