Cybersecurity Act
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Chapter IV – FINAL PROVISIONS
Recitals (110)
Annexes
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Article 46
European cybersecurity certification framework
1. The European cybersecurity certification framework shall be established in order to improve the conditions for the functioning of the internal market by increasing the level of cybersecurity within the Union and enabling a harmonised approach at Union level to European cybersecurity certification schemes, with a view to creating a digital single market for ICT products, ICT services, ICT processes and managed security services.
2. The European cybersecurity certification framework shall provide for a mechanism to establish European cybersecurity certification schemes and to attest that the ICT products, ICT services and ICT processes that have been evaluated in accordance with such schemes comply with specified security requirements for the purpose of protecting the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or the functions or services offered by, or accessible via, those products, services and processes throughout their life cycle. In addition, it shall attest that managed security services that have been evaluated in accordance with such schemes comply with specified security requirements for the purpose of protecting the availability, authenticity, integrity and confidentiality of data which are accessed, processed, stored or transmitted in relation to the provision of those services, and that those services are provided continuously with the requisite competence, expertise and experience by staff with a sufficient and appropriate level of relevant technical knowledge and professional integrity.