Page 7 - Nemko - Annual performance - 2020
P. 7
manufacturers may struggle to identify and Certification or not – Compliance
understand the expectations. In addition, must be demonstrated
many do not have in place robust frameworks
for compliance work and corresponding Over the last years, there has been a broad
procedures for documentation. This means consensus that there is a need for coordinated
in the worst case; they are not able at a later regulatory action to fight cybercrime. Globally,
stage to demonstrate all the good work that we see the contours of more mandatory
has actually been carried out. requirements for market access, which add to
The Nemko IoT certification scheme is a fit for existing voluntary schemes with limited market
all current requirements. It allows manufacturers uptake. Whether certification is required or not,
to demonstrate and document compliance. is not decisive in this context: Manufacturers
First of all, this means that the application of must be prepared to provide evidence of
the scheme provides regulatory comfort and compliance, whether there is a certification
market access for the product. In addition, scheme in place or not.
the solutions implemented to meet the In Europe in particular, the EU has introduced
requirements are easily reproduced for new a draft certification scheme of three security
generations of products. Finally, in case of a levels (the Cyber Security Act). It uses the
cyber incident involving the product concerned, principles from Common Criteria for the two
certification provides a better platform for highest levels. ETSI/EN 303 645 is expected to
defending own work. apply for the most basic level, consumer-grade
products. As mentioned, this is the standard
chosen as the basis for the Nemko IoT scheme,
and we see that this standard is chosen as a
basis for national and regional, mandatory and
voluntary requirements, worldwide.
5