2
min reading time
CCLab Ltd. has successfully completed the CBTL audit and obtained authorization as a CB Testing Laboratory (CBTL) under the international IECEE CB scheme. Based in Hungary, CCLab successfully extended its cybersecurity testing, evaluation, and certification capabilities officially on 24th May, 2024, for consumer IoT devices compliant with ETSI EN 303 645 and industrial automation and control systems specialized in IEC 62443-4-1 /4-2 standards within the IECEE CB scheme. Certificates issued under the CB scheme are currently accepted in over 50 countries.
CCLab Ltd., in collaboration with QIMA Germany, is one of the first international National Certification Bodies (NCB) and CB Testing Laboratories (CBTL) to receive accreditation under the IECEE (International Electrotechnical Commission System for Conformity Testing and Certification of Electrical Equipment) CB (Certification Bodies) scheme for ETSI EN 303 645 standard - “Cybersecurity for Consumer IoT devices (CIoT)”- as well as the IEC 62443-4-1 and 4-2 standards for industrial automation and control systems. The IECEE CB scheme now officially recognizes CCLab to conduct tests according to the relevant standards for CIoT products or industrial control systems, and to issue CB certificates and test reports on compliance with the standards above. CB Scheme is the largest certification system for electrical devices, where the certificates are accepted in more than 50 member countries.
ETSI EN 303 645 is a globally recognized standard that defines critical cybersecurity requirements for consumer IoT devices and serves as the basis for developing IoT certification schemes in various regions.
Compliance with the standard involves the evaluation of 33 provisions during the device’s cybersecurity assessment by the testing laboratory, based on the 3 documents specified in the standard. These documents include the Implementation of eXtra Information for Testing (IXIT), Implementation Conformance Statement (ICS), and Device Under Test (DUT), where the latter provides detailed information for the tested device’s identification.
IEC 62443 is an international series of standards that regulates the cybersecurity of industrial automation and control systems (OT, Operational Technology). Sub-parts 62443-4-1 and 62443-4-2 of IEC 62443, collectively define technical guidelines for improving the cybersecurity of industrial control systems.
Part 4-2 of the IEC 62443 contains the cybersecurity requirements for control systems and components, while Part 4-1 specifies the requirements for the secure development life cycle of these products. The standard family helps protect industrial systems by providing measures for defending against cybersecurity threats and ensuring compliance.
The IECEE CB scheme provides a global framework for mutual acceptance of test reports and certificates regarding the safety of electrical and electronic components, equipment, and products at an international level. The scheme facilitates the entry of products with CB certification and test reports into global markets, significantly reducing manufacturers’ costs and easing international trade.
Through inclusion in the CB scheme, CCLab has further expanded its service portfolio for cybersecurity evaluation and certification of the aforementioned categories, offering even greater value to its clients. Cybersecurity is a horizontal requirement category, like EMC, within the CB scheme that can be applied to every connected device. Thanks to services according to ETSI EN 303 645 and IEC 62443-4-1/4-2 standards, the tested products can get internationally recognized certification, guaranteeing compliance with the latest cybersecurity requirements for protecting sensitive data, users and the environment.
Your key to unlocking simplicity in ETSI 303 645 compliance
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
Imagine this: weeks from launching a connected device in Europe, hardware set, software frozen, marketing ready, then a wall. A Notified Body flags missing cybersecurity evidence under the Radio Equipment Directive (RED). The fix? A costly, months-long redesign. This happens more often than teams expect. Last-minute failures on cybersecurity aren’t always due to weak security, but missing evidence or test docs RED demands. And it’s not just Europe, globally, security rules are tightening, and buyers are asking tougher questions before contracts. RED’s Articles 3.3(d), 3.3(e), and 3.3(f) are shaping secure-by-design norms worldwide. Manufacturers treating them as a baseline not only pass audits but gain an edge. Embedding these principles early cuts risk, streamlines compliance, and proves to customers that security isn’t an afterthought. Let’s unpack why.
8
min reading time
As Europe advances its digital transformation agenda, securing its technological infrastructure has become a top priority. At the center of this ambition lies the European cybersecurity certification ecosystem. Most notably, the European Cybersecurity Certification Scheme (EUCC). Designed to harmonize security assurance practices across EU member states, EUCC is the first concrete step under the EU Cybersecurity Act to create a unified framework for certifying ICT products and services. But while EUCC represents a major achievement in digital sovereignty, a crucial question remains: Is it enough? This article explores what the European Cybersecurity Certification does well, where its current limitations lie, and what additional steps are necessary to create a truly resilient cybersecurity landscape across Europe.
7
min reading time
On March 21, 2025, a special event took place at CCLab’s headquarters in Budapest, Hungary: we had the pleasure of welcoming the delegation of WonSec Technology, and together we signed a strategic cooperation agreement focused on the EU Cybersecurity Certification Scheme on Common Criteria (EUCC). This partnership marks a milestone not only for CCLab but for the broader European certification ecosystem as well. Our joint goal is to support the secure and compliant entry of ICT products and services into the European market, especially in light of the soon-to-be mandatory EUCC requirements.
3
min reading time