Tasks of a National Cybersecurity Certification Authority | Traficom
Skip to main content
National Cyber Security Center
Report incidents
Report incidents
Report incidents

Tasks of a National Cybersecurity Certification Authority

The National Cybersecurity Certification Authority (NCCA) monitors compliance with the requirements of the EU Cybersecurity Act as well as the EU-wide cybersecurity certification schemes.

Tasks and authority of the Cybersecurity Certification Authority

The EU Cybersecurity Act (CSA) makes it possible to acquire EU-wide cybersecurity certificates for ICT products, services, processes and managed security services. 
The Finnish Transport and Communications Agency Traficom acts as the NCCA (National Cybersecurity Certification Authority) defined in the EU Cybersecurity Act. 
The Finnish Transport and Communications Agency has two roles: The Agency is responsible for granting certificates at assurance level 'high' and it acts as the national supervisory authority for the EU Cybersecurity Act and the certification schemes.

The role of the Finnish Transport and Communications Agency as the NCCA has been provided for in section 304 of the Act on Electronic Communications Services (917/2014). The duties of the NCCA include monitoring and implementing the rules and requirements of the EU Cybersecurity Act and the certification schemes. The duties include

  • Tasks related to monitoring conformity assessment bodies as well as authorising the assessment bodies to grant certificates with the assurance level ‘high’
  • Monitoring certified products, services, processes and managed security services
  • Monitoring that certificate holders comply with their obligations 
  • Monitoring compliance with the requirements of EU statements of conformity
  • Processing complaints
  • Participating in the development of certification schemes and harmonising operating procedures with the NCCA functions of other Member States.
  • Cooperating with other authorities

The Finnish Transport and Communications Agency is responsible for granting certificates with the assurance level ‘high’. The granting of certificates with the assurance level ‘high’ can be delegated to a conformity assessment body, if it meets certain certification scheme specific conditions.

Page was last updated