Skip to main content

Overview

FieldValue
CELEX32019R0881
StatusActive
Articles69
Recitals110
EUR-LexView Official Text

Compliance Deadlines

DateTypeDescription
2019-06-27Entry into forceRegulation enters into force and full application

Stakeholder Roles

The Cybersecurity Act defines obligations for the following stakeholder roles:
  • manufacturer - ICT product and service providers seeking certification
  • importer - Entities bringing certified ICT products into the EU
  • distributor - Providers of certified cybersecurity services
  • authorized_representative - EU representatives for non-EU manufacturers
  • notified_body - Conformity assessment bodies for cybersecurity certification
  • market_surveillance - National certification authorities and ENISA
  • consumer - Users of certified ICT products and services

Requirement Types

Requirements in the Cybersecurity Act are classified as:
  • obligation - Mandatory requirements for certification schemes
  • prohibition - Restricted certification claims and practices
  • right - Rights of certificate holders and users
  • procedure - Certification and peer review procedures
  • general - General provisions and definitions

API Usage

Key Topics

  • ENISA (European Union Agency for Cybersecurity) mandate and governance
  • European cybersecurity certification schemes
  • ICT product, service, and process certification
  • Assurance levels (basic, substantial, high)
  • Mutual recognition of certificates across Member States
  • Peer review mechanisms for certification bodies
  • Relationship with sector-specific regulations