European Cybersecurity Act

The European Cybersecurity Act (Regulation (EU) 2019/881) entered into force on 27 June 2019. The core elements of this Regulation include a permanent mandate for the European Union Agency for Cybersecurity (ENISA), accompanied by the introduction of a uniform European certification framework for ICT products, services and processes. These are to be certified according to various criteria and assigned the predefined security levels of 'low', 'medium' and 'high'.

Following the publication of the proposed Regulation in September 2017, the Federal Office for Information Security (BSI) contributed in-depth support to the negotiations and consultations conducted in the drafting committees. These contributions helped ensure that successful existing certification frameworks were transposed into the new Regulation. The EU Member States also continue to play a key role in certification for high-security applications.

The certification framework set out in Article III of the Regulation also significantly changes the procedure for developing certification schemes and issuing certificates within the European Union. As a member of bodies such as the European Cybersecurity Certification Group (ECCG), the BSI is making significant contributions to the new processes created by the Regulation. As before, the BSI also continues to work closely with European partners in the field of cyber security certification.