As Europe strengthens its digital sovereignty and builds a more integrated single market, cybersecurity certification is becoming a key tool for trust, market access, and competitiveness — especially for small and medium-sized enterprises (SMEs).

The EU Common Criteria scheme was verified last year and is now available for companies to use to certify their cybersecurity products. In this open meeting of DIGITAL SME’s Working Group on Cybersecurity and Data Protection, guest speakers from ENISA and the European Commission presented the state of play on European cybersecurity certificates, with an overview of how companies can apply the European Common Criteria Scheme to their products.

Further to this, as part of the Revision of the Cybersecurity Act, the role of certification and its development is being reassessed. The event discussed how Europe can use certification to promote homegrown products and develop a stronger single market of cybersecurity services. This panel discussion also looked at the role of cybersecurity legislation and the areas in which European laws can be simplified to make it easier for companies to launch cybersecurity products and services.

To support this debate and ensure that SME perspectives are taken into account, DIGITAL SME has also launched a targeted consultation for Working Group members. The survey collects input on how certification schemes are used, what challenges companies face, and where EU rules could be simplified. The results will help inform our position in the ongoing revision process and strengthen SME representation in EU policymaking.