Beyond Common Criteria: Lessons From Evaluation Practice for Europe’s Emerging Cyber Regulations (S21b)
As Europe advances with the Cyber Resilience Act (CRA) and the European Digital Identity (EUDI) framework, questions arise about how established assurance methods fit into these new contexts. This talk examines where the (EU) Common Criteria approach remains a suitable foundation for demonstrating cybersecurity assurance – and where it does not. Drawing on practical experience, the speakers explore how the gold standard for structured and evidence-based assessment can support regulatory goals, and where flexibility, scalability, or continuous assurance require different methods.
