Brexit and Cyber Security Certification Schemes
The EU has done a lot of work in promoting Cyber Security Certification Schemes with a view to strengthening the digital single market within the EU and increasing trust for consumers of ICT ( Information and Communications Technology) products and services within the EU.
This work culminated in the so-called EU Cyber Security Act ( EU Regulation 2019/881) which came into force on 27th June 2019 and which strengthened the mandate of the EU Cyber Security Agency ( ENISA) on a permanent basis and laid out a cyber security certification framework based on the set up of voluntary schemes rather than the establishment of directly operational schemes.
The UK was very much involved in the promotion of the EU Cyber Security Act and is keen to continue co-operation with the EU in the event of Brexit, deal or no deal.
The UK Government through its EU Cyber Security Team at the Department for Digital, Culture, Media and Sport has , therefore, now published a "Call for views" document as to the criteria that the UK should apply when recognising EU Cyber Security Certification Schemes - which will presumably also condition the reciprocal criteria that the UK would be happy to see included in UK Cyber Security Certification Schemes submitted for recognition to the EU. The document suggests - better cyber security in the UK; consumer need; economic advantage to UK business; and openness and transparency - as criteria for the recognition by the UK of EU Cyber Security Certification Schemes. The closing date for responses to the Call for views is 8th October 2019.
These are all important matters - wherever the Brexit discussions end up.