FantasticSearch

1. The Commission shall publish a Union rolling work programme for European cybersecurity certification (the ‘Union rolling work programme’) that shall identify strategic priorities for future European cybersecurity certification schemes.

2. The Union rolling work programme shall in particular include a list of ICT products, ICT services, ICT processes and managed security services, or categories thereof, that are capable of benefiting from being included in the scope of a European cybersecurity certification scheme.

5. The first Union rolling work programme shall be published by 28 June 2020. The Union rolling work programme shall be updated at least once every three years and more often if necessary.

3. Inclusion in the Union rolling work programme of specific ICT products, ICT services, ICT processes, or managed security services, or categories thereof, shall be justified on the basis of one or more of the following grounds:

(a) the availability and the development of national cybersecurity certification schemes covering a specific category of ICT products, ICT services, ICT processes or managed security services and, in particular, as regards the risk of fragmentation;

(b) relevant Union or Member State law or policy;

(c) market demand;

(ca) technological developments and the availability and development of international cybersecurity certification schemes and international standards and standards used by the industry;

(d) developments in the cyber threat landscape;

(e) request for the preparation of a specific candidate scheme by the ECCG.

4. The Commission shall take due account of the opinions issued by the ECCG and the Stakeholder Certification Group on the draft Union rolling work programme.