Apply for the label

The Cybersecurity Label is a simple way for a company to communicate its responsibility to consumers in information security matters. See the For Companies sectionfor more information on the benefits of the label and the related costs.

A prerequisite for obtaining the Cybersecurity Label is that the product or service is protected against the most common threats targeting IoT devices. You can read more about the requirements here.

Once you have read the instructions, fill in the application form that includes a self-assessment. You can find the form here. Send the form by email at cybersecuritylabel@traficom.fi

Experts at the NCSC-FI at Traficom go through the self-assessment form and comment on any deficiencies in the device’s security features. If our experts consider that the information provided on the form is sufficient and meets the requirements, you can proceed to the next phase of the application process: testing and auditing.

To be granted the Cybersecurity Label, the product or service must pass the required interface tests and an evaluation of whether it meets the requirements of the Cybersecurity Label.

The applicant company receives a summary of the security deficiencies detected during interface testing and the evaluation, if any. If the deficiencies are easy to fix or there are none, the product or service is granted the right to use the Cybersecurity Label.

After the Cybersecurity Label has been granted, the company may use the label with the product or service in question and in its marketing and communication channels. The product or service is also added to the Cybersecuritylabel.fi website.

The Cybersecurity Label is subject to annual reviews. The annual review includes a check as to whether the information security features of the product have changed.