By Mafalda Monteiro Oliveira Cortez
Extending its leadership and expertise in device and cybersecurity testing, Keysight is accredited as an IT Security Evaluation Facility (ITSEF) under the EU Cybersecurity Certification Scheme on Common Criteria (EUCC). The accreditation enables Keysight’s Device Security Lab in Delft, Netherlands, to perform substantial and high-assurance level evaluations, supporting certification for critical information and communication technology (ICT) products such as smartcards, secure hardware, and software.
The Common Criteria (CC) framework is an internationally recognized standard for evaluating and certifying the security of IT products. In Europe, it has long provided a trusted foundation for consistent, high-assurance evaluations through mutual recognition agreements among national authorities. Building on this framework, the new EUCC introduced a unified European approach under the EU Cybersecurity Act (Regulation (EU) 2019/881). Keysight’s team has extensive experience working within the CC framework, helping clients navigate complex certification processes, streamline evaluation timelines, and align their products with evolving cybersecurity requirements — expertise that now carries forward into the EUCC era.
Why EUCC Matters
EUCC certification offers a single, trusted mark of assurance, reducing complexity for manufacturers, and increasing confidence for users. It’s especially relevant for industries where security is both a differentiator and a requirement, including:
- Payments & Digital Identity: eSE/iSE/eID, smart cards, HSMs, and crypto libraries
- Networking & Cloud/Enterprise IT: network devices, platforms, software
- Semiconductor & Embedded/IoT: secure ICs, modules, connected devices
- Automotive & Industrial: connected components and gateways
- Public Sector & Citizen ID: government-grade identity and access systems
EUCC certification benefits both product developers and end-users. It mitigates security risks by providing independent assurance that critical ICT systems are free from vulnerabilities, building user trust and confidence in their secure deployment. Certified products gain a market advantage with a single, recognized certification valid across the EU, eliminating the need for multiple national certifications and reducing time-to-market. This development ensures Keysight clients can effectively enter and compete in the unified European market without the burden of multiple national certifications.
“Keysight’s EUCC accreditation means we can test and evaluate hardware and software solutions against Europe’s highest security standards. EUCC also acts as a compliance tool for the Cyber Resilience Act (CRA), allowing certified products to be presumed compliant with relevant CRA obligations. This gives our customers a clearer, faster path to bringing secure products to market,” said Gerrit van der Bij, Compliance Lead at Keysight Device Security Lab.
Preparing for Post-Quantum Security
As cryptographic standards evolve, EUCC is aligning with next-generation requirements. The 2025 update of the Agreed Cryptographic Mechanisms (ACM) includes Post-Quantum Cryptography (PQC) algorithms, emphasizing hybrid solutions for resilience. Keysight helps clients navigate this transition by advising on hybrid cryptography strategies and enabling secure, future-proof deployments in sectors where security is paramount.
Learn more about Keysight Device Security solutions and services on our webpage, or reach out to riscuresolutions@keysight.com.
