In order to receive the IT Security Label, manufacturers must first check their product for conformity with the IT security requirements set by the BSI. They can then submit an application to the BSI and declare that their device or service complies with these technical standards.
The IT Security Label is granted by categories, which are based on different requirements. According to the law, these can be BSI Technical Guidelines (e.g. for the broadband router category), international standards (e.g. for the smart consumer devices category) or recognized industry standards.
By submitting an application, the manufacturer undertakes to report vulnerabilities, patch them without due delay and provide corresponding updates.
As part of the application process, BSI checks the documents submitted and, if necessary, requests further evidence in order to assess compliance with the IT security requirements. If the assessment is positive, the label is granted.
The labelled product is then immediately subject to BSI Market Surveillance for the entire time that the label is valid. The market surveillance can test products for conformity at any time. This ensures that the IT security features are not only complied with on day X, but for the entire validity of the label.