AIOTI submitted a response to the consultation on Cybersecurity Act (CA)
One of the key tasks of the Cybersecurity Act (CA) is to create the European Cybersecurity Certification Framework – ECCF.
In this context, we agree that the Cybersecurity Certification should be based on technical standards, which can be measurable and assessable with measurable and EU Member States aligned cybersecurity criteria.
The Cybersecurity Certification driven by non-technical risk factors is not based on technical standards and therefore, is not assessable with measurable and EU Member States aligned cybersecurity criteria. In this regard, we propose not to include the non-technical Cybersecurity Certification requirements in the CSA revision.