The EU Common Criteria Information Sharing and Analysis Centre (EUCC ISAC) is an international non-profit association dedicated to fostering collaboration, harmonization, and excellence in cybersecurity certification. By building trust and interoperability, we aim to create a robust market for certified ICT products that address the rapidly evolving technological and threat landscapes, both in Europe and globally.

Our Mission

The EUCC ISAC acts as a central hub for collaboration between public and private stakeholders, ensuring the effective and consistent implementation of the EU Common Criteria (EUCC) certification scheme. It provides essential input to key entities—including the ECCG subgroup for EUCC maintenance (EsEm), the European Commission, ENISA, and Member States—to support the ongoing development and maintenance of the EUCC scheme. We aim to maintain state-of-the-art practices by providing technical interpretations, methodologies, attack quotations, and an up-to-date attack catalogue.

Who We Are

The EUCC ISAC functions as a structured and inclusive platform, comprising Technical Groups that address various technical domains and foster engagement among a diverse range of stakeholders, including:

• National Cybersecurity Certification Authorities (NCCAs)
• Conformity Assessment Bodies (CABs)
• ICT Manufacturers and Providers
• Laboratories and IT Security Evaluation Facilities (ITSEFs)
• End-User Organizations
• Observers or invitees: Non-European certification authorities and consortia

What We Do

Harmonization of Practices: Ensure consistency in implementing the EUCC scheme across Europe.

State-of-the-Art: Deliver attack quotations and maintain an up-to-date attack catalogue to address current and emerging threats.

Technical Expertise: Provide methodologies, interpretations, and resources to maintain certification at the forefront of technological advancements.

Protection Profiles: Support the development and maintenance of PPs to align with certification needs.

Capacity Building: Offer training programs to onboard and empower stakeholders in the certification ecosystem.

Collaboration & Innovation: Facilitate cooperation among certification bodies, national authorities, private companies, and other global organizations.

Our Values

The EUCC ISAC is founded on a set of core values that promotes trust, cooperation to developp the highest standards in cybersecurity certification.

• Transparency: We uphold inclusive and open processes, ensuring all members have access to information and the opportunity to contribute meaningfully.
• Fairness: Our structure guarantees equal opportunities for participation, fostering balanced contributions from diverse stakeholders.
• Inclusiveness: The ISAC is accessible to a broad range of actors, from small and medium-sized enterprises (SMEs) to large corporations, ensuring diverse perspectives and expertise are represented.
• Consensus-Driven: We prioritize decision-making through agreement, encouraging collaboration and mutual understanding across all members.
• Trust and Confidence: We cultivate a culture of openness and collaboration, where all stakeholders are empowered to contribute to the scheme’s maintenance and evolution in a constructive and transparent manner.
• Accountability: The ISAC adheres to strict antitrust, anti-corruption principles and IP rights policy, with robust mechanisms for addressing complaints, appeals, and ensuring fairness.