
Cyber Security Certification

The MDIA is collaborating with ENISA to develop EU cybersecurity certification which provides evidence of compliance to a given level of trust. EU Cybersecurity Certification schemes are developed within the framework defined primarily in the Cybersecurity Act.

Currently voluntary and intended to empower the EU Digital Single Market, the future schemes are also encouraged through other regulations. Certification is a tool that allows product vendors and service providers to demonstrate and advertise the cybersecurity of their solutions.

By developing cybersecurity certification at EU level, the goal is to harmonise the recognition of the level of cybersecurity of ICT solutions across the Union, allowing vendors and service providers to reach more customers.


Product Vendors and Service Providers

EU cybersecurity certification will bring new EU-wide market opportunities by simplifying the effort of demonstrating cybersecurity compliance. Certified solutions will stand out in the market and support the development of internal expertise. For those already certified under existing schemes, MDIA will provide guidance to smooth the transition process and will compare the requirements of existing schemes with those of the EU.

National Cybersecurity Certification Authorities (NCCAs)

As required by the Cybersecurity Act, the MDIA is the designated National Cybersecurity Certification Authority (NCCA), in charge of supervising, certifying and monitoring EU cybersecurity certification at national level and of exchanging at EU level.

Conformity Assessment Bodies (CABs)

EU cybersecurity certification schemes are developed by ENISA with the support of experts from MDIA and from the industry, including from the conformity assessment community.

These schemes are designed to meet the needs of the Member States and the industry, and to match the requirements of European regulation, making them a valuable tool at the European level to promote the security of products and services.

This new value represents a significant opportunity for CABs accredited to issue certificates or to perform evaluation activities (such as tests or audits) for these schemes. The MDIA has established cooperation with the National Accreditation Board to facilitate a smooth process.

Users of Certificates

EU cybersecurity certificates are granted to certified ICT products and services against EU cybersecurity certification schemes. They demonstrate that the tested solutions are resistant to certain levels of attacks and set remediation processes while considering the latest state-of-the-art developments.

They are recognised across the European Union and allow product vendors and service providers to showcase the compliance of their solution with a specific scheme, level of assurance, scope and, potentially, extension or security profiles.

Certificates are valid for a limited time, which may be extended through re-assessment of the solution.

EU Certification Framework

The EU Certification Framework foresees up to three (3) levels of assurance in schemes to tackle different levels of risk associated with the intended use of the ICT solution.

Level: Basic

Evaluation to minimise the known basic risks of incidents and cyberattacks.

Level: Substantial

Evaluation to minimise the known cybersecurity risks, and the risk of incidents and cyberattacks carried out by actors with limited skills and resources.

Level: High

Evaluation to minimise the risk of state-of-the-art cyberattacks carried out by actors with significant skills and resources.
