Measures for cybersecurity are to be regulated at the European level in the future, according to the mandate of the European Commission. IT products and services may pass through a voluntary certification scheme in future under the aegis of the European IT security agency ENISA. At the beginning of this year, ENISA applied to the European Commission to extend its remit, including introducing an EU-wide program for certifying the security of IT products. This ranges from simple certification for IoT devices to complex evaluations of high-security systems such as banking applications. The significant cost differences in national certification schemes was named as an important consideration for establishing a centralized certification program.