PRESS RELEASE
SRC notified as one of the first testing laboratories for new EUCC scheme
Bonn, May 05, 2025 – The test laboratory of SRC Security Research & Consulting GmbH was one of the first bodies to be notified by the National Cybersecurity Certification Authority (NCCA) at the EU Commission. This authorizes SRC to carry out evaluations in the new European Common Criteria scheme (EUCC) for all trustworthiness levels and technical domains. This was preceded by the accreditation of the SRC test laboratory by the Deutsche Akkreditierungsstelle GmbH (DAkkS) in accordance with ISO/IEC 17025 and authorization by the NCCA.
“The notification is an important milestone for us,” says Ralf Schulze, Division Manager at SRC. “It confirms the high quality of our work and ensures that we can also provide our customers with comprehensive support in the new European certification system.”
SRC has been successfully carrying out evaluations of IT security products in the German Common Criteria scheme under the supervision of the German Federal Office for Information Security (BSI) since 2002. With the introduction of the EUCC scheme, the national Common Criteria schemes are gradually being replaced by a standardized European scheme. Manufacturers of IT security products that require Common Criteria certification can therefore continue to rely on SRC’s many years of experience and expertise.
“Our customers and partners will benefit from a smooth transition to the new EUCC scheme,” emphasizes Schulze. “Thanks to our early notification, we can continue to guarantee maximum safety and continuity in the evaluation of their products.”
Benefits and function of the EUCC scheme
The European Common Criteria Based Cybersecurity Certification Scheme (EUCC) is the new European certification system for the security of IT products. It is based on the internationally recognized Common Criteria (ISO/IEC 15408) and serves to harmonize IT security certifications within the EU. The aim is to create uniform standards for the evaluation and certification of products in order to strengthen cyber security and increase trust in digital technologies.
Manufacturers of IT security products, such as firewalls, smartcards or healthcare products, use EUCC certification to prove the conformity of their products with high security standards – a requirement that is increasingly crucial for market access in Europe and beyond.
“The EUCC scheme will create the basis for a uniform European level of trust in IT security products,” explains Schulze. “For internationally active manufacturers in particular, such certification will be an indispensable competitive advantage in the future.”
Outlook: Certification body for EUCC substantial in preparation
In addition to evaluation, SRC will also offer certification services under the EUCC scheme for the “substantial” assurance level in the near future. The accreditation and authorization of the certification body required for this are already at an advanced stage.
“Our aim is to offer our customers a comprehensive range of services from a single source,” explains Schulze. “With the future expansion to include certification services, we will be able to accompany and optimally support the entire EUCC certification process.”
About SRC Security Research & Consulting GmbH:
SRC Security Research & Consulting GmbH is a leading testing and consulting company for IT security and new technologies. Founded in 2000 as a joint venture of the German banking industry, SRC represents a central link between research and products and services supported by the banking industry. To this end, SRC pools cutting-edge know-how in the fields of IT security and information technology and provides expertise in the development, implementation and testing of secure systems. The focus is always on innovation and sustainability as well as the creation of standards for secure systems and environments.
SRC has already received a wide range of recognitions and accreditations, e.g. from the laboratory for Common Criteria assessments, various accreditations from the PCI SSC, from EMVCo, as well as listings and recognitions from the German Federal Office for Information Security.
