Eurosmart | The voice of the Digital Security Industry | Revision of the EU standardisation policy

02 Oct 2023 Revision of the EU standardisation policy

Posted at 12:19h in CDI, IoT, News, Position Papers byadmin8520

Contribution to the call for evidence for regulation 2023/1025

The European Harmonised Standards (hEN) have been demonstrated to effectively ease the burden on lawmakers and encourage a pragmatic and technical approach to regulation, ultimately fostering an environment conducive to interoperability, safety, and innovation. The legal model, known as the New Legislative Framework (NLF), aims to distinctly separate the process of establishing legal requirements, outlined in harmonisation legislation by the European legislator, from the technical specification aspect, carried out through harmonised European Standards by European Standardisation Organisations involving national experts[1].

In the course of the call for evidence launched by the European Commission to evaluate Regulation 1025/2012, Eurosmart is pleased to address remarks related to the relevance of the European Standardisation System and its governance when it comes to compliance with the upcoming safety-related piece of legislation.

Common specifications

In recent legal acts and revisions of vertical and horizontal regulations, a provision has been included allowing the European Commission to opt for common specifications instead of relying on Harmonised Standards. Eurosmart acknowledges the European Commission’s rationale, considering common specifications as a crucial tool for mitigating the absence of essential Harmonised Standards in harmonisation legislation under the New Legislative Framework (NLF). This measure aims to guarantee the smooth operation of the European Single Market.

“Common Specifications” refers to technical specifications officially endorsed by the Union law through implementing acts, providing a presumption of conformity to essential requirements. This tool is envisioned for the Cyber Resilience Act[2]. In that respect, “Common Specification” shares similarities and the same legal effect for harmonised standards – defined and ruled by regulation 2012/1025. Both “Common Specifications” and “Harmonised standards” could be used to grant a presumption of conformity to essential requirements.

Nevertheless, “Common Specification” do not enjoy the same governance as harmonised standards regarding formal objections of Member State (article 11 of regulation 2012/1025).

During the instruction of the Cyber Resilience Act file, such a proposal was made, but it is unclear whether it will be retained. Therefore, Eurosmart recommends regulation 2012/1025 to specify as the following:

Include in the scope of this regulation “Common specifications” to ensure consistency with the other Union’s acts ;
Recognise the dual objective for “Common specifications” (1) to compensate for the unavailability of hENs and (2) to leverage existing (private) industry or sector-specific standards.
Describe the governance of “Common specifications” in particular (1) that they are adopted through implementing acts, and (2) the mechanisms whereby a Member State could exercise formal objections.

The role of the European Standardisation System in the European strategy in a competitive digital world

Over the last few years, many European legislations ruling the digital world have been adopted, and some are currently under discussion. However, they do not leverage the European Standardisation System but rather define an ad hoc system to prepare supporting technical documents:

Expert groups, Large Scale Pilots (LSPs) and contract with a supplier for the implementation of eIDAS 2;
ENISA and ECCG, with the support of ad-hoc advisory groups for the preparation of European cybersecurity certification schemes.

Eurosmart recommends the European Commission to clarify the role it envisions for the European standardisation system in support of legislations ruling the digital world.

The contribution of the High-level Forum and the Standardisation hub to the European standardisation system

Following the new EU standardisation strategy announced on 2 February 2022, the High-level Forum and the Standardization Hub were created. However, it is still unclear what their exact role is, what their current tasks are and how they articulate with the European Standardization System. A transparent governance is necessary regarding the contributions and advice of these groups to the annual Union work programme for European Standards.

Eurosmart notices the already existing Multi-Stakeholder Platform on ICT Standardisation, whose mandate has been renewed this year, is a key contributor through its yearly rolling plan. Eurosmart recommends clarifying the overall governance and the missions of each advisory group.

The role of the European standardisation system in the TTC

The TTC[3] has been established between the EU and the US as part of a more global trade agreement. Within this forum, both parties also exchange on standardisation in a view to converge as much as possible on technical standards –when used to support the implementation of legislations – which are common to both parties. This aims at fostering trade and eliminating non-commercial barriers between the EU and the US.

As global trade profoundly impacts the functioning of the European Standardisation System, stakeholders should be consulted and be ready to contribute and anticipate any potential impacts on the European Standards and related deliverables. The future proposal shall assess the effects of the discussions held within the TTC on the European standardisation system. In addition, Eurosmart recommends clarifying the way the European standardisation system is involved in the governance of the TTC (on the EU side), as well as how it is involved in this dialogue.

[1] Regulation EU 2022/2480 establishes rules with regard to the establishment of European standards and European standardisation deliverables, and restricting the decision on Harmonised Standards to be taken exclusively by the sole representatives of national standardisation bodies .

[2] https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

[3][3] https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/stronger-europe-world/eu-us-trade-and-technology-council_en

2023_09_26_Eurosmart_contribution_callforevidence-2012_1025_final_

Print page

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Revision of the Cybersecurity Act (CSA) – The importance of maintaining efficient governance

Eurosmart’s priorities for the Cyber Resilience Act

Eurosmart’s Comments on the Cyber Resilience Act (CRA) proposal.

EU Common Criteria (EUCC) Certification Scheme

Revision of the Directive on Driving Licences – Eurosmart’s Answer to Public Consultation

European Digital Identity Wallet: Why do we need level “high” (eIDAS) & level “high” (Cybersecurity Act)?

Revision of the EU standardisation policy

02 Oct 2023 Revision of the EU standardisation policy

Contribution to the call for evidence for regulation 2023/1025

Common specifications

The role of the European Standardisation System in the European strategy in a competitive digital world

The contribution of the High-level Forum and the Standardisation hub to the European standardisation system

The role of the European standardisation system in the TTC

Recent news

Follow us on X