The EUCC ISAC is launching this questionnaire to identify organisations and experts interested in contributing to a reference base of technical documents about attack methods, attack potential and minimum tooling in the domain of software evaluation targeting all possible assurance levels of the EUCC scheme (AVA_VAN.3, AVA_VAN.4, AVA_VAN.5). As the cybersecurity landscape continues to evolve, the involvement of knowledgeable stakeholders is essential to ensure that evaluation methodologies, protection profiles, and supporting materials remain accurate, relevant, and aligned with current industry practices and consider attackers profiles. The EUCC scheme will benefit from technical expertise grounded in already well established and recognised [...]

ENISA has published Voices of EU Cybersecurity Certification, a new report sharing perspectives from across the European cybersecurity certification community. 📄 Read the full ENISA publication Through interviews and testimonials, it highlights what works today, where challenges remain, and how cooperation across the ecosystem can help the EUCC scheme evolve. Contributors include Laurent di Russo, former JHAS Chairman and one of the founding figures of the EUCC ISAC, and Pierre-Jean Verrando, current EUCC ISAC Administrator who led the creation of the ISAC. This publication stresses the importance of open dialogue between public authorities, NCCAs, CBs, ITSEFs, vendors, and developers - [...]

The European Commission has opened a public consultation on a draft Implementing Regulation amending Implementing Regulation (EU) 2024/482, which sets out the rules for the European Common Criteria-based cybersecurity certification scheme (EUCC). This initiative aims to clarify, modernise, and expand the scheme so that it remains fit for purpose in a fast-evolving technological and threat landscape. The draft regulation is open for comment via the European Commission’s “Have Your Say” platform till 29th August 2025. The proposed amendment therefore seeks to: Clarify and modernise definitions to cover evolving technologies and product series; Ensure assurance continuity, so that minor and major [...]

The EUCC community is invited to participate in the first meeting of JEDS’ reactivation within the EUCC ISAC, which will be held remotely on October 1st, 2025, from 14:00 to 17:30 (CET). About JEDS (Embedded Devices Subgroup) JEDS—short for the JIWG Embedded Devices Subgroup—previously operated under the Joint Interpretations Working Group (JIWG) of the SOG-IS framework, and is now being reactivated under the EUCC ISAC umbrella. This subgroup plays a pivotal role in harmonizing and interpreting certification practices for embedded devices across schemes, particularly within the EU Common Criteria (EUCC) ecosystem. JEDS contributes to defining attack potential metrics and methodologies [...]

EUCC ISAC's feedback   The EUCC Information Sharing and Analysis Centre (ISAC) demonstrates a proven and trusted model of successful collaboration between public and private stakeholders. To ensure the continued relevance, trustworthiness, and effectiveness of cybersecurity certification schemes under the Cybersecurity Act (CSA), the revision should institutionalise this collaborative approach through structured mechanisms, notably through Public-Private Partnerships (PPPs) supporting the ISAC model. Download [PDF] 1. Institutionalisation of the ECCG Subgroups for Scheme Maintenance and its liaison with private stakeholders The European Cybersecurity Certification Group (ECCG) plays a critical role in the governance of certification schemes. [...]

The first Steering Committee meeting of the EUCC ISAC, bringing together appointed representatives from the technical groups and NCCAs/CBs involved in the EUCC ISAC, will be held on Friday, 7 July, in Brussels (hybrid format). Among other topics, the Steering Committee will review the current status of the EUCC ISAC’s technical and strategic initiatives, finalize group structures and roadmaps, and establish a clear path forward for governance and collaboration with EsEm.

The EUCC ISAC is pleased to announce the creation of a new EUCC ISAC Technical Subgroup, established by ISCI, dedicated to exploring Artificial Intelligence (AI) as an emerging domain within the Common Criteria (CC) framework. As AI becomes increasingly integrated into embedded systems, aligning these technologies with trusted evaluation frameworks like CC is critical for ensuring security, trust, and interoperability. This initiative represents an important step toward preparing certification processes for the rapidly evolving AI landscape. Our Objective This subgroup aims to develop a practical guidance document that bridges the world of cybersecurity evaluation for embedded AI systems with the [...]