Press release
TÜVIT conducts the independent security assessment, while TÜV NORD CERT makes the certification decision. This provides manufacturers with a streamlined path to EUCC certification as proof of compliance with the requirements of the Cyber Security Act (CSA) and the Cyber Resilience Act (CRA).
TÜV Informationstechnik GmbH (TÜVIT) can now provide even more comprehensive support to companies participating in the European cybersecurity certification scheme EUCC. In addition to independent evaluation, certification at the “substantial” level is now also available through TÜV NORD CERT GmbH. A prerequisite for this was the legally mandated authorization granted by the Federal Office for Information Security (BSI). This provides manufacturers with a clearly structured path from technical testing to certification.
What is EUCC?
EUCC stands for European Common Criteria-based Cybersecurity Certification Scheme. The European scheme establishes a uniform framework for evaluating and certifying the cybersecurity of IT products according to recognized criteria. This includes, among other things, hardware, software, chips, and embedded systems. The goal is to make security levels transparent and traceable across Europe. EUCC has been in effect since February 2025. Certificates can be issued at the “substantial” and “high” levels.
All in One Package
The added value for companies lies in the integration of testing and certification into a continuous process. As an ITSEF, TÜVIT conducts the technical security assessment. As a Certification Body, TÜV NORD CERT issues certificates for products that meet EUCC requirements. This clarifies workflows, reduces interfaces, and makes processes easier for manufacturers to plan.
TÜVIT has been designated as an ITSEF for EUCC at the “substantial” and “high” security levels since May 2025. TÜV NORD CERT received accreditation as a Certification Body for the “substantial” level on March 10, 2026.
Why this is Relevant for Companies
Manufacturers are facing growing pressure to demonstrate the cybersecurity of their products, in part through independent verification. This is precisely where EUCC comes in. The scheme creates transparency. It makes assessments more comparable. And it makes it easier to provide robust evidence of security levels to customers, partners, and authorities.
EUCC is voluntary. At the same time, the scheme may gain significance in the regulatory landscape, for example in the context of the Cyber Resilience Act. It is thus not only a security certification but also a strategic tool for market access in Europe.
TÜVIT Brings Practical EUCC Experience to the Table
A recent reference project demonstrates that TÜVIT is not only keeping pace with the new European framework but is already putting it into practice. In early 2026, TÜVIT participated in the evaluation of the first product certified by the Federal Office for Information Security (BSI) under EUCC. This underscores the company’s role as an experienced testing body for complex IT security products.
Voice from the Company
“With EUCC, a new, common framework for verifiable cybersecurity is emerging in Europe. For manufacturers, it is crucial that this approach is not only legally sound but also practically implementable. This is exactly where TÜVIT comes in: with technical depth, clear processes, and a closely integrated range of services from evaluation to certification,” says Markus Wagner, Team Lead Software Evaluation at TÜVIT.
A Service for the European Market
With its expanded EUCC offering, TÜVIT—together with its certification body TÜV NORD CERT—is strengthening its position as a partner for manufacturers seeking to align their products with European security requirements. This applies to established security products as well as new digital components and systems. Companies thus gain access to a structured, independent, and Europe-wide cybersecurity assessment.
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.
