Certification—Time is Also an Issue for Scheme Development (B13b)
A year ago would have been the ideal time to end migration towards EUCC. By now, international partners (along European MS) doubt EUCC and other EU CSA certification schemes. MS step down their resource investment and remember CCRA and SOGIS-MRA. Even with EUCC at hand (when being optimistic), there are already missed opportunities to the CSA community. The CRA makes use of the CSA only under very limited circumstances, national regulation preparing the use of CSA are not broadly accepted by industry (5G security). eIDAS at least seems to be using EUCC before a more appropriate scheme will be developed. That is good news for CC, given how long scheme development currently takes. BSI, as one of the key stake holders to the CSA infrastructure, does not give up that easily, even though resource investment is being reconsidered. They are taking measures and are hoping for everybody to join. They are broadly advertising EUCC along with CC:2022. They are building service capacity to support digitisation efforts in developing the needed environment and of course are investing into actually making use of CSA from CRA wherever reasonable. Most important, CSA certificates should easily open every door to conformity for EU markets. In this presentation, a brief analysis of the timeline, the difficulties along the way and implications are being depicted. Then approaches to still make CSA a success will be explained and BSI strategy will be shared.