On June 17 the Seimas of the Republic of Lithuania adopted amendments to the Law on Cyber Security, by which Lithuania took the legal steps necessary for implementation of provisions of the European Union Cybersecurity Act and as of June 28 is creating a collective space together with other EU member states in which the EU cybersecurity certificates will be valid. The amendments to the Law will come into force when signed by the President of the Republic of Lithuania.
“The EU cybersecurity certification framework will ensure that users get more information and make decisions when choosing ICT products and services that are informed better. A unified certification system will also prevent contradictory or duplicating national cybersecurity certification schemes, thus cutting the costs for companies working in the digital single market,” Vice Minister of National Defence Margiris Abukevičius says.
The cybersecurity certification will be carried out on a voluntary basis. The EU cybersecurity certificates will be issued for ICT products, services and processes according to their compliance with European Union cybersecurity certification schemes. The European Commission is expected to approve the first scheme for certification of ICT products cybersecurity, based on the Common Criteria, the Common Methodology for Information Technology Security Evaluation, and corresponding standards, respectively, ISO/IEC 15408 and ISO/IEC 18045, in the nearest while.
The certificates will come in three cybersecurity assurance levels. The basic and substantial level certificates will be given out by national conformity assessment bodies, and the high assurance level certificates will be issued by the national cybersecurity certification authority or a conformity assessment body authorized by it.
The EU cybersecurity certification procedure will be supervised by the national cybersecurity certification authorities. In Lithuania, the function will be carried out by the National Cyber Security Centre under the Ministry of National Defence.
No limits are set for the number of national conformity assessment bodies. In Lithuania, the bodies will be accredited by the National Accreditation Bureau.
The European Commission will also monitor how actively manufacturers and suppliers of ICT products, services and processes apply for certification, and will draw a conclusion by 2023whether there should be mandatory certification.
Related image
