www.belgium.be Logo of the federal government

Milestone cybersecurity certification: legal framework for issuing and recognising European cybersecurity certificates published

The Council of Ministers designated the Centre for Cybersecurity Belgium (CCB) as the National Cyber Security Certification Authority (NCCA). The CCB will be expanded with a Certification team (CCB-Certification) that will provide guidance and support to Belgian companies in the EU cybersecurity certification process.
The law of 20 July 2022 on the cybersecurity certification of information and communication technologies and on the designation of a national authority for cybersecurity certification was recently published (M.B., 5/08/2022).  This law implements the European Regulation 2019/881 of 17 April 2019 on the certification of information and communication technologies in the field of cybersecurity, the so-called Cybersecurity Act.
 
Cybersecurity Act
 
The Cybersecurity Act provides a framework for the issuance and recognition of European cybersecurity certificates. These certificates are based on cybersecurity certification schemes with one or more assurance levels ("basic", "substantial" or "high"). 
The aim is to improve the transparency of the cybersecurity security of information and communication technology products, services and processes. This will increase trust in and the competitiveness of the digital single market. The use of certifications provided for in the Cybersecurity Act will in principle remain voluntary.
 
National cybersecurity certification authority
 
In order to obtain a European cybersecurity certificate, one has to comply with the requirements of the cybersecurity schemes.  One either draws up a declaration of conformity or applies for certification from a conformity assessment body (CAB) or the national cybersecurity certification authority (NCCA). 
Conformity assessment bodies accredited by the national accreditation body issue European cybersecurity certificates with a so-called "basic level" or "substantial level" of assurance. The authority, i.e. the NCCA, manages the issuance of the certifications at assurance level "high".
 
The Centre for Cybersecurity Belgium (CCB) has been designated as the NCCA
 
The Regulation requires that a National Authority (NCCA) be designated at national level. The NCCA must ensure that all rules related to the Cybersecurity Act are correctly applied in our country and participates in the European Cybersecurity Certification Group (ECCG). 
The Council of Ministers designated the Centre for Cybersecurity Belgium (CCB) as the National Authority for Certification of Cybersecurity (NCCA). The CCB is expanded with a Certification team (CCB-Certification) that will provide guidance and support to Belgian companies in the EU cybersecurity certification process.