The European Cyber Security Organisation (ECSO), a non-profit organisation whose main objective is to support initiatives and projects aimed at the development, promotion, and enhancement of European cybersecurity, has recently created the CYBERSECURITY MADE IN EUROPE label, an industry-driven marketing tool aimed at supporting the role of European cybersecurity companies and increasing their visibility in the European and global markets.
This label has been developed because of the real need for the industry to have a tool to meet its needs and fill a gap in the European cybersecurity market. Its benefits have been clear from the outset, since the label acts as a market differentiator by emphasising geographical location, and it differentiates the strategic value of European cybersecurity companies. The tool therefore serves to increase the visibility of companies not only among potential business partners, but also among end users and investors in the cybersecurity industry.
In the global cybersecurity market, where superpowers such as Russia, the US, and China are starting to dominate, Europe must step up and defend its place against the others. Especially seeing as the European market is clearly growing and is now among the top 5 in the world. In addition, its corporate and industrial network in cybersecurity is gradually gaining prominence, and so having a tool like CYBERSECURITY MADE IN EUROPE was a pressing need to enhance the value of businesses and organisations in the EU.
Application criteria for the Cybersecurity Made in Europe label
The label can only be issued by ECSO and authorised partners. Companies and organisations that wish to apply for it can do so via any of the authorised partners regardless of the country of origin of their headquarters, provided they are within the European Union.
The benefits of this label, as mentioned previously, are that it acts as a geographic market differentiator, gives strategic value to the company or organisation by giving importance to its European origin, and increases its visibility within potential cybersecurity markets. The importance of belonging to the European sector is a guarantee of quality vis-à-vis other global companies and puts European cybersecurity in its rightful place.
The label itself is based on a self-declaration made by the company as a certification tool, without an external technical audit. In addition, CYBERSECURITY MADE IN EUROPE is aimed at the industry's own companies based in Europe, not at specific cybersecurity products or services. Another advantage is that it is a quality addition along with other similar existing national labels.
All companies applying for the label must meet a number of general requirements, for example, the company must be a legal entity based in Europe AND, if it is part of a group, its headquarters must be registered in Europe. In addition, it must provide reasonable guarantees that none of its controlling structure is located outside the European area and that Europe is its main place of business, demonstrating that more than 50% of its R&D activity is cybersecurity-oriented and that more than 50% of its staff are located in the EU, EFTA, EEA, and UK. Finally, the company must declare that it complies with the basic requirements defined by ENISA, including statements that none of the products or solutions offered contain backdoors, together with a statement regarding its data and privacy, indicating that it complies with the GDPR (General Data Protection Regulations).
Spain only has one partner authorised to issue the label, Cybasque. By country, the number of ECSO organisations that can issue the label are:
- Bulgaria (1). Union for Private Economic Entreprise (UPEE).
- Denmark (1). Center for Defence, Space & Security (CenSec).
- Slovaquia (1). Cyber Security Competence and Certification Centre (KCCKB).
- Spain (1). Asociación de empresas vascas de ciberseguridad (Cybasque).
- Finland (1). Finnish Information Security Cluster (FISC).
- Italy (2). National Interuniversity Consortium for Informatics (CINI), y National Research Council of Italy (CNR).
The application form for companies wishing to obtain the label must be sent completed and signed to ECSO or the chosen partner, together with the following documents:
- Information sheet on the company, including the declaration of ownership, majority shares and proof that most of its R&D activities are conducted in Europe (document to be prepared by the company itself, since there is no specific form to that effect)
- ENISA ICT Security Declaration of Conformity, including description of the 10 points requested. This statement must be submitted along with the application form.
- Letter signed by the CEO or authorised signatory for the company (with power of attorney), stating the accuracy of the information provided on the application form.
- Letter of commitment to pay the fee for the issuance of the label.
For more information about CYBERSECURITY MADE IN EUROPE, its features and how to obtain it for companies and organisations, please visit the ECSO website or contact one of the partners listed above.