Apply for the label

Applying for the Cybersecurity Label is easy


Learn about the Cybersecurity Label’s benefits and costs

The Cybersecurity Label is a simple way for a company to communicate its responsibility to consumers in information security matters. See the For Companies sectionfor more information on the benefits of the label and the related costs.


Learn about the rules and requirements

A prerequisite for obtaining the Cybersecurity Label is that the product or service is protected against the most common threats targeting IoT devices. You can read more about the requirements here.


Fill in the self-assessment form

Once you have read the instructions, fill in the application form that includes a self-assessment. You can find the form here. Send the form by email at


Traficom examines the self-assessment

Experts at the NCSC-FI at Traficom go through the self-assessment form and comment on any deficiencies in the device’s security features. If our experts consider that the information provided on the form is sufficient and meets the requirements, you can proceed to the next phase of the application process: testing and auditing.


Information security testing and evaluation

To be granted the Cybersecurity Label, the product or service must pass the required interface tests and an evaluation of whether it meets the requirements of the Cybersecurity Label.


Decision and possible recommendations for corrective action

The applicant company receives a summary of the security deficiencies detected during interface testing and the evaluation, if any. If the deficiencies are easy to fix or there are none, the product or service is granted the right to use the Cybersecurity Label.


Using the Cybersecurity Label

After the Cybersecurity Label has been granted, the company may use the label with the product or service in question and in its marketing and communication channels. The product or service is also added to the website.



The Cybersecurity Label is subject to annual reviews. The annual review includes a check as to whether the information security features of the product have changed.