Topic: Maintenance Framework and Role of ISACs in European Cybersecurity Certification Schemes The EUCC ISAC is a stakeholder platform bringing together industry experts, National Cybersecurity Certification Authorities (NCCAs), Conformity Assessment Bodies (CABs), and Certification Bodies (CBs) to support the implementation and maintenance of the EUCC certification scheme. Through consolidated technical feedback and operational expertise, it plays an active role in ensuring the scheme remains effective, relevant, and aligned with real-world cybersecurity needs. The EUCC ISAC strongly supports the overall objectives of strengthening the effectiveness, responsiveness, and long-term sustainability of European cybersecurity certification schemes. In this context, a robust, agile, and [...]

  The EUCC ISAC is pleased to announce the official launch of its Software Technical Group on 3 June from 15 to 18 (CET), a new collaborative initiative designed to strengthen the technical foundations of software evaluation within the European cybersecurity certification ecosystem. To suppoort the maintenance of the evolving EUCC scheme, this Technical Group will bring together experts from across industry, laboratories, certification bodies, and public institutions to jointly develop state-of-the-art methodologies, guidance, and reference materials. The Software Technical Group builds on the EUCC ISAC’s mission to foster collaboration, harmonisation, and excellence in cybersecurity certification.   Scope and Expected [...]

EUCC ISAC is currently recruiting a Junior Cybersecurity Certification Engineer (CIP – Belgium) to support the activities of its Secretariat in Brussels. This position offers a unique opportunity to contribute to the European cybersecurity certification ecosystem and collaborate with experts from across industry, cybersecurity laboratories, certification bodies, and European institutions. The selected candidate will support the coordination of technical working groups, contribute to the preparation of technical documentation, and assist in engaging with a network of experts involved in the maintenance of the EU Common Criteria (EUCC) certification scheme. 🗓 Start date: May 2026 📍 Location: Brussels (remote working [...]

Save the Date – 1st General Assembly of the EUCC ISAC Please save the date for the 1st General Assembly of the EUCC Information Sharing and Analysis Centre (EUCC ISAC), which will take place on 29 June 2025 from 10:00 to 18:00 in Brussels, Belgium. This first General Assembly will bring together EUCC ISAC members and key stakeholders for a full day of governance discussions and strategic exchanges. The morning session will be dedicated to administrative matters, including: Election of the Steering Committee members Budget overview Proposed updates to the bylaws, participation rules. Discussion on the creation of new technical groups [...]

The EUCC ISAC is launching this questionnaire to identify organisations and experts interested in contributing to a reference base of technical documents about attack methods, attack potential and minimum tooling in the domain of software evaluation targeting all possible assurance levels of the EUCC scheme (AVA_VAN.3, AVA_VAN.4, AVA_VAN.5). As the cybersecurity landscape continues to evolve, the involvement of knowledgeable stakeholders is essential to ensure that evaluation methodologies, protection profiles, and supporting materials remain accurate, relevant, and aligned with current industry practices and consider attackers profiles. The EUCC scheme will benefit from technical expertise grounded in already well established and recognised [...]

ENISA has published Voices of EU Cybersecurity Certification, a new report sharing perspectives from across the European cybersecurity certification community. 📄 Read the full ENISA publication Through interviews and testimonials, it highlights what works today, where challenges remain, and how cooperation across the ecosystem can help the EUCC scheme evolve. Contributors include Laurent di Russo, former JHAS Chairman and one of the founding figures of the EUCC ISAC, and Pierre-Jean Verrando, current EUCC ISAC Administrator who led the creation of the ISAC. This publication stresses the importance of open dialogue between public authorities, NCCAs, CBs, ITSEFs, vendors, and developers - [...]

The European Commission has opened a public consultation on a draft Implementing Regulation amending Implementing Regulation (EU) 2024/482, which sets out the rules for the European Common Criteria-based cybersecurity certification scheme (EUCC). This initiative aims to clarify, modernise, and expand the scheme so that it remains fit for purpose in a fast-evolving technological and threat landscape. The draft regulation is open for comment via the European Commission’s “Have Your Say” platform till 29th August 2025. The proposed amendment therefore seeks to: Clarify and modernise definitions to cover evolving technologies and product series; Ensure assurance continuity, so that minor and major [...]

The EUCC community is invited to participate in the first meeting of JEDS’ reactivation within the EUCC ISAC, which will be held remotely on October 1st, 2025, from 14:00 to 17:30 (CET). About JEDS (Embedded Devices Subgroup) JEDS—short for the JIWG Embedded Devices Subgroup—previously operated under the Joint Interpretations Working Group (JIWG) of the SOG-IS framework, and is now being reactivated under the EUCC ISAC umbrella. This subgroup plays a pivotal role in harmonizing and interpreting certification practices for embedded devices across schemes, particularly within the EU Common Criteria (EUCC) ecosystem. JEDS contributes to defining attack potential metrics and methodologies [...]

EUCC ISAC's feedback   The EUCC Information Sharing and Analysis Centre (ISAC) demonstrates a proven and trusted model of successful collaboration between public and private stakeholders. To ensure the continued relevance, trustworthiness, and effectiveness of cybersecurity certification schemes under the Cybersecurity Act (CSA), the revision should institutionalise this collaborative approach through structured mechanisms, notably through Public-Private Partnerships (PPPs) supporting the ISAC model. Download [PDF] 1. Institutionalisation of the ECCG Subgroups for Scheme Maintenance and its liaison with private stakeholders The European Cybersecurity Certification Group (ECCG) plays a critical role in the governance of certification schemes. [...]

The first Steering Committee meeting of the EUCC ISAC, bringing together appointed representatives from the technical groups and NCCAs/CBs involved in the EUCC ISAC, will be held on Friday, 7 July, in Brussels (hybrid format). Among other topics, the Steering Committee will review the current status of the EUCC ISAC’s technical and strategic initiatives, finalize group structures and roadmaps, and establish a clear path forward for governance and collaboration with EsEm.