A collective effort to combat cybersecurity threats & enhance resilience across borders
About NCCA Cyprus
Our Background & Role
The Digital Security Authority (DSA) of Cyprus has been designated by the Council of Ministers as the National Cybersecurity Certification Authority (NCCA), in accordance with the EU Regulation 2019/881 regarding the Cybersecurity Act to ensure the effective implementation, supervision, and enforcement of European cybersecurity certification schemes for ICT Products and Services.
As the National Cybersecurity Certification Authority, NCCA Cyprus is responsible for overseeing and enforcing rules included in European cybersecurity certification schemes within the country. Our primary role includes:
- Supervision and Enforcement: Monitoring the compliance of ICT products, services and processes with the requirements of the European cybersecurity certificates that have been issued in Cyprus, in cooperation with other relevant market surveillance authorities.
- Monitoring Compliance: Enforce the obligations of the manufacturers or providers of ICT products, services or processes and that carry out conformity self-assessments to ensure they adhere to corresponding European cybersecurity certification scheme.
- Supporting Accreditation Bodies: Assist the National Accreditation Body (NAB) in the supervision and monitoring of the activities of Conformity Assessment Bodies (CABs).
- Authorising: Where applicable, authorise Conformity Assessment Bodies and restrict, suspend or withdraw existing authorisation.
- Handling Complaints: Investigate and handle complaints by natural or legal persons in relation to European cybersecurity certificates.
- Staying Current: Keeping track of new developments in the field of cybersecurity certification.
Our Responsibility
We are responsible to ensure that all Conformity Assessment Bodies, holders of a European cybersecurity certificate and issuers of EU statements of conformity follow the rules of the European cybersecurity certification schemes in Cyprus, To ensure this, various powers have been assigned to the NCCA:
- The ability to request information and conduct investigations (such as audits) to verify compliance with certification schemes.
- Accessing premises of conformity assessment bodies or certificate holders to verify adherence to the required standards.
- Withdrawing cybersecurity certificates if a product, service, or process fails to meet certification criteria.
- Imposing penalties, in line with national law, for non-compliance with cybersecurity obligations.
OUR MISSION & VISION
The National Cybersecurity Certification Authority (NCCA) aims to promote the widespread adoption of cybersecurity certification for products and services within the information technology and communication sectors.
We want to develop advanced infrastructure fostering expertise and facilitating collaboration with international stakeholders, ultimately positioning Cyprus as a leading centre for cybersecurity excellence in the region.
Our obligations
As NCCA Cyprus we have specific obligations under the EU Cybersecurity Act (CSA) to ensure effective coordination and compliance at both the national and European levels. Our responsibilities towards the European Commission, European Union Agency for Cybersecurity (ENISA), and the European Cybersecurity Certification Group (ECCG) are central to maintaining transparency, standardization, and security across the European Union’s cybersecurity landscape.
Our obligations include:
- Actively participating in the ECCG
- Reporting annually on our activities to the ENISA and the ECCG.
- Notifying the European Commission about accredited and authorised Conformity Assessment Bodies (CABs) under each European cybersecurity certification scheme.
- Participating and be subject to Peer Reviews, helping to achieve equivalent standards throughout the Union.
COMMISSIONER'S MESSAGE
NCCA is committed to strengthening the relevant capabilities of the Republic of Cyprus aspiring to establish the nation as a Regional Hub for cybersecurity certification.