“What happens to independent site certification with EUCC?”
That was the concern that many developers and manufacturers had shared with us over the last few months. With no explicit “site certification” defined in the EUCC Regulation, some feared that the informal yet highly practical mutual-recognition arrangement known as the “SOGIS-MRA site certification agreement” would cease to exist.
This concern is understandable, but it has already been solved by TrustCB.
We have seen this situation before: SOGIS and STAR Re-use
Under SOGIS, site certification was never formally part of the official scheme either. Yet for more than a decade, the major European certification authorities (Dutch NSCIB, French ANSSI, German BSI, and Spanish CCN) have operated with a practical, working-level agreement: they agreed to accept each other’s STARs as valid input for their own product evaluations. That was the birth of a de facto recognition model for site audits.
Nothing changes from SOGIS to EUCC.
One thing is certain: EUCC does not eliminate independent site certification. The move to EUCC does not change the underlying need. Developers need to be able to certify their sites at a manageable interval, with the certainty that the results can be used across product evaluations for different schemes. EUCC, as the pioneering European scheme, is prepared to cooperate to ensure continuity.
TrustCB took the initiative
To avoid uncertainty for developers, TrustCB stepped forward early. We initiated discussions with the major national schemes that were historically part of the SOGIS STAR acceptance group. Our goal was to make sure that site certifications can continue, with mutual acceptance, under the EUCC framework. This took some time.
These discussions have been positive, and there is clear alignment. The same practical agreement that existed under SOGIS will continue under EUCC. Manufacturers will still be able to rely on a single site audit, which can be part of a product certification or a TrustCB site certification. The major certification bodies will continue to accept well-established, high-quality site evidence through the EUCC STAR methodology.
Introducing the TrustCB Site Certification Scheme
To support industry transition and maintain stability, TrustCB is launching its own Site Certification Scheme, fully aligned with EUCC requirements and ready for recognition across cooperating schemes. This scheme is built on the NSCIB site-audit framework, ensuring continuity with the recognised practice used for STAR acceptance under SOGIS as the ecosystem transitions to EUCC.
In practice, nothing significant has changed.
The details of the site certification scheme are available at:
https://trustcb.com/common-criteria/site-certification/
Conclusion
The transition to EUCC is a major step for the European cybersecurity certification landscape. But it should not disrupt the successful practices that have supported high-assurance evaluations for more than a decade.
TrustCB is proud to take leadership in ensuring continuity, clarity, and predictability through a practical Site Certification Scheme built for the EUCC era.
With kind regards,
Alireza Rohani, scheme lead for the TrustCB site certification scheme