Certification services
Certify your IT products to demonstrate compliance with a wide range of schemes and regulations relevant to your market.
Welcome to Brightsight CB
With decades of experience in the field, Brightsight is a trusted partner for numerous developers and manufacturers. You know us for our evaluation services, but did you know we also offer certification services through the newly established Certification Body within Brightsight?
Brightsight CB offers certification services of IT security products, helping you gain the trust and confidence of your customers.
Impartiality: our promise to you is simple
At Brightsight CB, impartiality and integrity are at the core of our business. Since both the ITSEF and the CB are part of Brightsight, we have implemented many strict measures to ensure impartiality.
Our promise to you is simple: we will never compromise on impartiality and integrity. Any infraction will have serious consequences for our accreditation and authorization status, ensuring that we remain a trusted and reliable partner for your certification needs.
Director Certification Body
"Impartiality and integrity are at the core of our business."
Our certification scope
Brightsight CB will enable you to demonstrate the compliance of your products with the following schemes and methodologies:
Introduction to EUCC
The European Union Cybersecurity Certification (EUCC) is a framework designed to enhance the security of digital products, services, and processes within the EU. It aims to establish a unified approach to cybersecurity certification, ensuring that certified products meet high security standards. Certification is possible at two assurance levels: Substantial and High.
EUCC is based on the international Common Criteria standard (ISO/IEC 15408). The EUCC provides a harmonised framework within the EU for assessing and certifying the security properties of IT products. An EUCC certificate is recognised throughout the EU, eliminating the need for certification per individual member state.
EUCC is closely linked to the Cybersecurity Act (CSA). The CSA establishes the framework for the EUCC, which is a certification scheme aimed at ensuring the cybersecurity of ICT products within the European Union.
The Rijksinspectie Digitale Infrastructuur (RDI) serves as the National Cybersecurity Certification Authority (NCCA) in the Netherlands. In this role, the RDI is responsible for overseeing the implementation of the EUCC framework at the national level.
Brightsight CB
On 20 November 2025, Brightsight CB obtained an accreditation as a Certification Body (CB) for the Common Criteria-based cybersecurity certification scheme (EUCC) by the Dutch National Accreditation Council, Raad voor Accreditatie (RvA).
On 2 December 2025, Brightsight got licensed by the Dutch NCCA as Conformity Assessment Body (CAB) in the role of a CB. This means Brightsight’s facility in Delft, the Netherlands is authorized not only to perform independent certification activities under the EUCC scheme, but also to issue certificates that are recognized under the the Common Criteria Recognition Arrangement (CCRA).
Within the EUCC scheme, Brightsight CB can certify the ICT products for the assurance levels Substantial and High up to EAL5+ within the following technical domains:
- Smartcards and similar devices (up to and including AVA_VAN.5)
- Hardware devices with security boxes (up to and including AVA_VAN.5)
- Generic software and network products (up to and including AVA_VAN.3)
Contact details
- Trespaderne 29, Edificio Barajas I, Barrio Aeropuerto 28042 Madrid Spain
- Email: brs.certification@sgs.com Tel: +31 15 269 25 00 Web: www.brightsightcb.com
Our certification process
Downloads
Ongoing EUCC certifications
| Certificate ID | Developer | TOE Name | Technical domain | Assurance level |
|---|---|---|---|---|
EUCC certificates
| Certificate ID | Issue date | TOE name | Developer | Evaluation lab | Assurance level | Certificate | Certification Report | Security Target |
|---|---|---|---|---|---|---|---|---|
| EUCC-3100-2026-7001701 | 10 April 2026 | NXP MF0AES(H)x0, NT2H2xy1G and NT2H2xy1S, release B0 | NXP Semiconductors Germany GmbH | Brightsight ITSEF | Substantial (EAL3 + ALC_FLR.2) |  |  |  |
EUCC licensed laboratories
Brightsight CB is working with the following licensed evaluation laboratories (ITSEFs).
Brightsight ITSEF
EUCC assurance levels Substantial and High for the technical domains:
- Smartcards and similar devices, up to and including AVA_VAN.5 (location Madrid up to and including AVA_VAN.3)
- Hardware devices with security boxes, up to and including AVA_VAN.5 (location Madrid up to and including AVA_VAN.3)
- Generic software and network products, up to and including AVA_VAN.3
Licensed laboratories
- Brightsight Delft
Brassersplein 2
2612 CT Delft
The Netherlands
- Brightsight BarcelonaPlaça de Xavier Cugat 2
Edifici A, 2º-B
08174 Sant Cugat del Vallès (Barcelona)
Spain
- Brightsight MeyreuilRue de la Belle du CanetArteparc Meyreuil – Immeuble F
13590 Meyreuil
France - Brightsight GrazMälzereigasse 48020 Graz
Austria - Brightsight MadridTrespaderne 29Edificio Barajas I Barrio AeropuertoES28042 MadridSpain
Introduction to SESIP
The Security Evaluation Standard for IoT Platforms (SESIP), published by GlobalPlatform and CEN CENELEC, provides an optimised version of the Common Criteria methodology applied to certification of IoT platforms and their components. Developers can trust that SESIP certified platforms and components will deliver the correct levels of security, enabling them to focus on their primary goal of delivering robust and secure products by design.
SESIP offers a scalable solution to reduce security fragmentation in IoT devices by allowing a single evaluation to provide evidence for multiple certification requirements. This simplifies the process and eliminates the need for multiple security evaluations. SESIP certification aligns with global standards such as IEC 62443-4-2, ISO 21434 and the Cyber Resilience Act.
Brightsight CB
Scope of license: SESIP 1-3
Brightsight CB for SESIP is located in Madrid, Spain. It has been designated by GlobalPlatform as SESIP Certification Body for assurance levels 1 to 3.
This facility is accredited by ENAC, the Spanish National Accreditation Body, under ISO 17065 (nº: 220/C-PR490) as a Certification Body (CB) for SESIP certification issuance.
These two roles operate impartially and independently, ensuring that Brightsight CB’s certification processes remain transparent and unbiased.
Contact details
- Trespaderne 29, Edificio Barajas I, Barrio Aeropuerto 28042 Madrid Spain
- Email: brs.certification@sgs.com Tel: +31 15 269 25 00 Web: www.brightsightcb.com
Our certification process
SESIP certificates
| Certificate ID | Issue date | TOE name | Developer | Evaluation lab | Assurance level | Certificate | Security Target |
|---|---|---|---|---|---|---|---|
| SESIP-25/0001 | 10 June 2025 | STM32MP13xx advanced Arm®-based 32-bit MPUs version 1.2 | STMicroelectronics | Brightsight ITSEF | SESIP 3 | | |
SESIP licensed laboratories
Brightsight CB is working with the following licensed evaluation laboratories (ITSEFs).
Fully Licensed Laboratories (ITSEFs):
SGS Brightsight Barcelona S.L.
Plaza Xavier Cugat 2
Sant Cugat del Valles
08174 Barcelona
Spain
Provisionally Licensed Laboratories (ITSEFs):
SGS Brightsight China LLC
Room 908, Building 3,
No. 18 Fengtai North Road, Fengtai District,
Beijing City 100071,
China
Introduction to PSA Certified
PSA Certified, operated by GlobalPlatform, is the independent security evaluation scheme for Platform Security Architecture (PSA) based IoT systems. It establishes trust through a multi-level assurance program for chips containing a security component called a Root of Trust (PSA-RoT) that provides trusted functionality to the platform.
The multi-level scheme has been designed to help device makers and businesses get the level of security they need for their use case. It is aimed at IoT devices that need to protect against scalable software attacks. Developers submit their PSA-RoT to an approved test laboratory for evaluation and receive an Evaluation Technical Report (ETR). If the PSA-RoT is assessed as passed and approved by the independent Certification Body, a digital certificate will be issued on the PSA Certified website.
PSA Certified security evaluations can contain both hardware and software components of a device. There are three defined certification scopes: Chip, RTOS (System Software), and Device.
Brightsight CB
Scope of license: PSA Certified 1-4
Brightsight CB is appointed by Global Platform as PSA Certified certification body for Level 1-4.
Brightsight CB and Brightsight ITSEF operate impartially and independently, ensuring that Brightsight CB’s certification processes remain transparent and unbiased.
Contact details
- Trespaderne 29, Edificio Barajas I, Barrio Aeropuerto 28042 Madrid Spain
- Email: brs.certification@sgs.com Tel: +31 15 269 25 00 Web: www.brightsightcb.com
Our certification process
PSA Certified certificates
The overview of all PSA Certified certificates is published on psacertified.org
PSA Certified licensed laboratories
Fully Licensed Laboratories (ITSEFs):
SGS Brightsight Barcelona S.L.
Plaza Xavier Cugat 2
Sant Cugat del Valles
08174 Barcelona
Spain
Provisionally Licensed Laboratories (ITSEFs):
SGS Brightsight China LLC
Room 908, Building 3,
No. 18 Fengtai North Road, Fengtai District,
Beijing City 100071,
China
Introduction to ENS
Spain’s digital infrastructure is protected by a robust regulatory framework designed to safeguard information systems in the public sector, as well as private entities working alongside government bodies. At the heart of this landscape is the National Cryptologic Center (CCN), established by Royal Decree 421/2004 and operating under the National Centre of Intelligence (CNI).
The Spanish National Security Scheme (Esquema Nacional de Seguridad, or ENS) provides a framework of security requirements to safeguard information within electronic administration. Its goal is to ensure the protection of personal and confidential data exchanged through online channels, thereby strengthening trust in digital public services. Compliance with ENS standards demonstrates that your information systems are secure, reliable and meet both industry and governmental requirements.
The ENS divides system requirements into three security categories – High, Medium, and Basic – ensuring tailored security for each use case. The Basic category can be achieved by a self-declaration. The Medium and High categories require certification from an accredited Certification Body (CB).
To streamline compliance, the CPSTIC Product Catalogue – managed by the CCN – serves as an authoritative listing of security products and services for information and communication technology (ICT) systems under the ENS. It helps public and private entities find security products and services for information and communication technology (ICT) systems under the ENS.
Brightsight CB
As an ENAC-accredited Certification Body (see English or Spanish), Brightsight CB manages the entire certification lifecycle, including initial auditing, technical review, and certificate issuance.
ENS certification is valid for up to two years, and per Article 38 of the ENS, all systems must undergo a comprehensive audit at least biennially to remain compliant. Our certification process rigorously assesses your information systems against the principles and requirements set out in Annex II of Royal Decree 311/2022.
ENS certificates
The ENS certificates are published on the National Cryptographic Center (CCN) website.
Our certification process
Downloads
Start your certification process with Brightsight
Get in touch with our experts today to learn how we can help you with your specific certification process.
Download our GPG key to send encrypted message to the CB.