European recognition of Information Technology Security Evaluation Criteria (ITSEC)/Common Criteria (CC) certificates

In total, three different agreements have been concluded so far in Europe for the recognition of IT security certificates.

The first agreement on the mutual recognition of IT security certificates based on the ITSEC criteria, under which ITSEC certificates for IT products were recognised, entered into force in March 1998 (SOGIS-MRA version 1). It was signed by Finland, France, Germany, Greece, Portugal, the Netherlands, Norway, Spain, Sweden, Switzerland and the UK and included the general recognition of ITSEC certificates.

This agreement was replaced in 1999 by an agreement extended to IT security certificates based on the Common Criteria (SOGIS-MRA version 2). It was signed by Finland, France, Germany, Greece, Italy, the Netherlands, Norway, Spain, Sweden and the UK. It provided for mutual recognition of certificates up to evaluation assurance level EAL 7 from the certification authorities of Germany, France and Great Britain and, from January 2009, of the Netherlands.

SOGIS-MRA Version 2 was replaced in 2010 by SOGIS-MRA Version 3, which was signed by the national authorities of the following countries at the time of entry into force in April 2010: Finland, France, Germany, the Netherlands, Norway, Spain, Sweden and the UK. This agreement stipulates the recognition of certificates for IT products based on the Common Criteria or ITSEC up to and including EAL 4 or E3 (basic). At the time of entry into force, the recognised certification bodies for this were the national bodies from Germany, France, Great Britain, the Netherlands and Spain.

In addition, higher recognition (above EAL 4 or E3 (basic)) is provided for certain "Technical Domains" under special framework conditions. The agreement defines the technical domain "Smart cards and similar devices". At the time of entry into force, the recognised certification bodies for this were the national bodies from Germany, France, Great Britain and the Netherlands.

A "Technical Domain" for hardware devices with a security box is currently being set up. Details on the recognition of certificates can be found on the website https://www.sogis.eu/.

In addition, certificates for protection profiles based on the Common Criteria are recognised. A current list of signatory countries and recognised certification bodies can be found on the website https://www.sogis.eu/.

Within the framework of this European Recognition Agreement, the BSI recognises the following certificates (as of September 2014), taking into account the above-mentioned general conditions:

  • Certificates for IT products based on the ITSEC issued before April 2010 by the national certification bodies of France, the UK and, from January 2009, the Netherlands, or certificates with high assurance levels issued under the previous agreement and recertified under the new agreement by the end of April 2012.
  • Certificates for IT products based on Common Criteria up to EAL 7 issued before April 2010 by the national certification bodies of France, the UK and, from January 2009, the Netherlands, or certificates with high assurance levels issued under the previous agreement and recertified under the new agreement by the end of April 2012.
  • Certificates for IT products based on ITSEC up to E3, mechanism strength low (basic), issued by the national certification bodies of France, Great Britain, the Netherlands and Spain as of April 2010.
  • Certificates for IT products based on the Common Criteria using assurance components up to EAL 4 of the national certification bodies of France, Great Britain, the Netherlands and Spain issued as of April 2010 and of Italy as of December 2010 as well as of Sweden as of May 2013 and of Norway as of May 2013 (if the evaluation was carried out by Norwegian auditing bodies).
  • Certificates for IT products based on the Common Criteria using assurance components up to EAL 7 in the technical domain "Smart cards and similar devices" of the national certification bodies of France, Great Britain and the Netherlands issued as of April 2010 and of Spain as of May 2013.
  • Certificates for Protection Profiles based on the Common Criteria of the national certification bodies of France, Great Britain, the Netherlands and Spain issued as of April 2010 and of Italy as of December 2010 as well as of Sweden as of May 2013 and of Norway as of May 2013 (if the evaluation was carried out by Norwegian auditing bodies).

Cooperation in the various working groups ensures a continuous exchange of information between the signatory states.

The SOGIS logo with the corresponding additional text on each BSI certificate indicates whether and how a certificate is covered by this recognition agreement.