Cyber Digest Q3/2024

2025 is almost here: Countdown to Compliance

Stay Ahead and Prepare for the EUCC, the New Common Criteria Scheme, and the RED Certification Deadlines

Two key deadlines in cybersecurity and compliance are rapidly approaching: the transition to the EUCC and the RED Delegated Act. These deadlines are critical for manufacturers and service providers to ensure their products meet the latest European security standards.

The EUCC (European Cybersecurity Certification Scheme) will take full effect in February 2025 and aims to standardize Common Criteria certification across the EU, giving companies a competitive edge in a highly regulated market. Preparing for this deadline ensures your products are compliant and ready for the European market, minimizing future risks.

The deadline for radio equipment manufacturers to comply with the new cybersecurity requirements of the Radio Equipment Directive (RED) is 1st August 2025. These criteria ensure that devices using radio frequencies meet required security and performance standards before entering the market. Compliance is essential, as non-compliance could result in products being banned from the European market. The European Commission adopted this act in October 2021 and is working on new harmonized standards to align with the requirements.

Based on workshops and presentations from the ESOs (European Standardization Organizations) and the Commission, the harmonized standards EN 18031-1, 18031-2, and 18031-3 will likely be based on the existing IoT cybersecurity standards EN 303 645 and IEC 62443-4-2.

Why is early preparation key? 

The EUCC and RED involve intricate certification processes, from documentation reviews to product evaluations. Waiting too long to start the process could result in delays, missed market opportunities, and potential legal complications. By starting now, you can avoid unprepared documentation and missing evidence, ensure thorough security evaluations, and gain the trust of your clients by proving your commitment to the highest standards in cybersecurity.

Businesses that act now ensure regulatory compliance and position themselves as product security and reliability leaders. The sooner companies begin preparing, the smoother the certification process will be, allowing them to stay ahead of the competition.

Act now - Prepare for EUCC Certification

The European Cybersecurity Certification Scheme (EUCC), effective from February 2025, is vital for ensuring harmonized Common Criteria certification of high-security ICT products across the EU. Developed by ENISA under the Cybersecurity Act, EUCC aligns Common Criteria-based standards across member states, simplifying certification and boosting trust in product security.

To apply, ICT suppliers must engage with an EUCC-accredited Certification Body (CB) and a chosen ITSEF (Information Technology Security Evaluation Facility) for rigorous assessments. Certification enhances product security, supports innovation, and facilitates market access across the EU. Starting the process early ensures smoother evaluation and compliance. By obtaining EUCC certification, companies showcase their commitment to top-tier cybersecurity standards, enhancing market credibility.

Read our blog post on EUCC and learn more about the preparation and evaluation.

How to Meet the RED 2025 Deadline with CCLab's Support

The Radio Equipment Directive (RED) 2014/53/EU governs the compliance of radio equipment in the EU, ensuring that devices like mobile phones, Wi-Fi routers, and IoT products meet safety, health, and cybersecurity standards. By August 1, 2025, connected device manufacturers must comply with new cybersecurity requirements (Articles 3.3 d, e, f), focusing on network protection, personal data, and fraud prevention.

To prepare, manufacturers should integrate these standards early in the product design process and ensure detailed documentation, thorough testing, and CE marking are completed. Effective planning, internal audits, and coordination with accredited testing labs are essential for smooth compliance.

How Can CCLab Help?

At CCLab, we offer end-to-end support for manufacturers navigating RED compliance, including:

  • Consultation: Assistance with integrating cybersecurity requirements during design and development.
  • Accredited Testing: Comprehensive testing based on ETSI 303 645 and/or EN 18031 standards to ensure compliance with safety and cybersecurity standards.
  • Certification services: We collaborate with CerTrust (a RED Notified Body) to provide seamless certification services.

With our expert guidance, manufacturers can confidently meet RED requirements and enter the European market without delays or unexpected risks. Our comprehensive consultation and testing services ensure your products are compliant and market-ready.

Contact CCLab, and book a consultation today!

CCGuide: The most effective way to prepare Developer Docs for CC evaluation

CCLab created an educational material package for Software Developers to maximize the efficiency of the preparation of their product's CC evaluation. The training package includes tutorial videos for each evaluation class, fully completed EAL4 developer documents for a TOE called VulnSite, and a complete set of developer document templates for all evaluation classes.

Interested? Check out the details and the package offers now.

Securing Industrial Automation and Control Systems (IACS)

As Industrial Automation and Control Systems (IACS) become more integrated into critical infrastructure, their security is paramount. The ISA/IEC 62443 standards provide a comprehensive framework to mitigate cybersecurity risks, protect industrial environments, and ensure compliance.

IEC 62443-4-1 focuses on embedding security throughout the product development lifecycle, from initial design to decommissioning. Meanwhile, IEC 62443-4-2 specifies the technical requirements for securing IACS components like Programmable Logic Controllers (PLCs), network devices, and software applications.

Meeting these standards not only protects against evolving cyber threats but also demonstrates a commitment to security by design, offering businesses a competitive edge. With certification, manufacturers show they’ve implemented best practices and can meet increasing customer expectations for secure industrial systems.

Getting your IACS solution certified under the CB scheme can be of great value to your customers throughout any future procurement process.

At CCLab, we provide tailored support through the CB certification process, offering services such as gap analysis, security audits, and evaluation management. From newcomers to experienced professionals, our team helps businesses navigate the IEC 62443 standard series, ensuring full compliance and secure IACS environments.
