Implementation of the EUCC Scheme in Germany: First Observations and the Way Forward (S12a)
The EUCC Implementing Act (Draft), published in October 2023, has initiated preparations for its upcoming enforcement. While the core elements of certification processes remain consistent, the EUCC Implementing Act introduces new requirements that Member States must adopt to operate under EUCC. BSI (the Federal Office for Information Security) is actively engaged in the process of transitioning from the national Common Criteria (CC) to the EUCC Scheme. In this talk, they share their initial experiences with the implementation of the EUCC Scheme in Germany, in line with the provisions outlined in the EUCC Implementing Act. The talk delves into their observations and findings from a National Cybersecurity Certification Authority (NCCA) perspective, highlights identified gaps, and offers insights on the path forward.