This Regulation establishes detailed procedures for notifications of conformity assessment bodies in the field of cybersecurity certification within the EU. It implements provisions of the Cybersecurity Act regarding how national cybersecurity certification authorities (NCCAs) should notify the European Commission about bodies authorized to issue European cybersecurity certificates. The Regulation is particularly relevant in light of the first European Common Criteria-based cybersecurity certification scheme (EUCC).

The Regulation consists of 5 articles and an Annex. Article 1 defines the subject matter, Article 2 establishes notification procedures, Article 3 deals with identification numbers and lists of conformity assessment bodies, Article 4 covers changes to notifications, and Article 5 contains entry into force provisions. The Annex provides detailed requirements for information that must be included in notifications.

Key provisions include:
- NCCAs must use the Commission’s electronic notification tool to submit notifications about conformity assessment bodies
- The Commission assigns unique identification numbers to notified bodies, even if they are notified under multiple schemes
- NCCAs must notify any changes without delay, including restrictions, suspensions or withdrawals of notifications
- Specific requirements for secure storage of records in cases where notifications are withdrawn or bodies cease activities
- Detailed information requirements for notifications, including general information, details about the NCCA, conformity assessment body, accreditation and authorization information