• On 5 June, the European Commission announced the successful applicants to the Stakeholder Cybersecurity Certification Group (SCCG), set up by the EU Cybersecurity Act

• Among other tasks, the SCCG will advise and assist the European Commission and the European Union Agency for Cybersecurity (ENISA) on strategic issues regarding the EU Cybersecurity Certification Framework

• DIGITAL SME Expert George Sharkov aims to “ensure that small business needs are appropriately involved and addressed in cybersecurity certification schemes”

Brussels, 24 June (DIGITAL SME). A little less than a year ago, the EU Cybersecurity Act entered into force. As laid out in DIGITAL SME’s position paper about the Act, the goal of the regulation is to establish an EU-wide harmonised framework to certify ICT products and services. Today, an important part of the Act’s mandate is coming to life: the Stakeholder Cybersecurity Certification Group (SCCG).

The European Cybersecurity Organisation (ECSO) describes the SCCG’s tasks as including “(a) advising the Commission on strategic issues concerning the European Cybersecurity Certification Framework; (b) advising ENISA on general and strategic matters concerning its tasks in cybersecurity certification, market & standardisation; (c) assisting the Commission in preparing the Union Rolling Work Programme to identify strategic priorities for future European Cybersecurity Certification schemes.”

DIGITAL SME experts George Sharkov and Fabio Guasconi (as a substitute) were selected for a seat in the SCCG. “We want to ensure that small business, which forms the backbone of the European Digital Single Market, is appropriately represented and covered in the cybersecurity certification schemes at national and EU level”, Mr Sharkov commented upon his selection. The experts’ work in the SCCG will draw on DIGITAL SME’s working group for cybersecurity (WG CYBER), which Mr Guasconi is chairing.

“Certification schemes affect SMEs differently from large companies”

Why is the representation of SMEs in policy deliberations about cybersecurity certification so important—and how do their needs differ? “Cybersecurity certification schemes affect SMEs differently from large companies”, said Mr Sharkov upon his nomination to the SCCG. “Small businesses do not avail of the resources to properly analyse and implement schemes if they are too complex and generic, for example.

On the other hand, insufficient awareness and affordability of schemes would jeopardise any good initiative, so the schemes must include SME-specific implementation policies and -measures. ” The Bulgarian entrepreneur and cybersecurity expert employs a holistic approach to the security and resilience of supply/value chains. He views the push for “lightweight” certification schemes adapted to SMEs as his primary role in the Group. According to Mr Sharkov, “’Small is BIG’ for the value contributed by the SMEs to the European digital market. But ‘small’ could be under ‘big threat’ if not considered carefully in workable standardisation and certification measures”.