认证与CRA的交汇点——迈卡·福伦巴赫欧盟委员会.pdf

1、Where Certification meets CRA Maika FhrenbachEuropean Commission,DG CONNECTConformity assessment approachDefault category self-assessment(90%)(memory chips,mobile apps,smart speakers,computer games.)Important products application of standards/third-party assessment(operating systems,browsers,firewal

2、ls)Critical products in the future potentially certification(smart cards,secure elements,smart meter gateways)Draft Commission guidelines Section 6 important and critical products(public consultation closed on 13 April)To be specified-Europeancertification scheme based on Common Criteria(EUCC)Q4,202

3、6INPUT:ENISA study&pilot projectConformity assessment venues under CRA Notified body+ManufacturerNotified body+ManufacturerEuropean cybersecurity certification schemesEU-Type examination(B+C)Full quality assurance(H)EU Cybersecurity ActNew Legislative Framework Self-assessment(Module A)Manufacturer

4、onlyMember States to notify competent authorities by June 2026By December 2026:Sufficient notified bodies in placeDriving a consistent approach&level playing field:Cooperation with Member States informal group of notifying authorities,support by ENISA Explore synergies with RED DA&EUCCEngagement wit

5、h European Accreditation Engagement with private CABs Future working group of notified bodies Conformity assessment bodies for the CRATowards an EU conformity assessment ecosystemCRA:Presumption of conformity(EUCC),possible mandatory certification,due diligence.CRA:Conformity assessment bodies leveraging EUCC CSA 2.0:Alignment&synergies with CRA(security objectives,CABs)CSA 2.0:ENISA to support a robust,competitive,inclusive and harmonised conformity assessment ecosystem Cooperation between CRA market surveillance authorities/Notifying Authorities/NCCAs