EU – US comparison of approaches to cybersecurity certification and standardization

Citation: Václav Stupka / Jakub Vostoupal / Pavel Loutocký, EU – US comparison of approaches to cybersecurity certification and standardization, in: Jusletter IT 27. April 2023

The increasing dependence of the information society on the confidentiality, availability and integrity of information and communication systems is forcing countries to introduce regulations to protect key infrastructures and systems. One of the tools of this regulation is the standardization and certification of ICT products and services. This area has undergone dynamic development in recent years, both in terms of the method of regulation and the approach to defining security requirements. This paper compares approaches to cybersecurity standardization and certification in the US and the EU, particularly in the context of new and pending legislation in the EU in the form of the Cybersecurity Act and the forthcoming Cyber Resilience Act. The paper aims to identify the differences between these regimes and their compatibility from the perspectives of certification providers, vendors and users.

---