Thales has become one of only two companies to be awarded a new kind of EU-wide certificate for a cybersecurity-related product. It received an EU Cybersecurity Common Criteria (EUCC) certificate for its Smart Tachograph G2 smart card – just six weeks after the new regulation entered into force.

By achieving the certification, Thales demonstrated its commitment to meet the EU’s stringent new industry cybersecurity requirements and to offer the highest assurance level standards to customers.

Thales’s Smart Tachograph G2 is a monitoring smart card installed in trucks. It records speed, distance, driving periods and breaks to ensure that companies follow rules to keep drivers safe.

The EUCC certification scheme starts a new era for cybersecurity assurance in Europe. In 2019, the EU introduced the Cybersecurity Act. Among its key aims was to deploy a unified cybersecurity certification approach at European level. One of the new schemes is the EUCC, which is used to assess Information and Communication Technology (ICT) products such as technological components (e.g. chips and smart cards), hardware and software.

The EUCC gives suppliers a certificate to prove their products are compliant and have reached the highest level of cybersecurity. The new certification process derives from the SOG-IS Common Criteria evaluation framework already used across 17 EU Member States.

While the EU Agency for Cybersecurity (ENISA) oversees the EUCC, national bodies remain in charge of implementing the certification process and issuing CC certificates. In the case of Thales' Tachograph G2, the process was managed by the French National Cybersecurity Agency (ANSSI).

European cybersecurity stakeholders have been working on the EUCC scheme for many years. The European Commission adopted it in January 2024, and Member States were able to deliver EUCC certificates from February 27th, 2025.

EUCC will replace the existing SOG-IS framework following a transition period that ends in February 2026. Certificates are valid for five years, subject to maintenance and surveillance conditions.
 

“We are delighted to be one of the two first companies to receive an EUCC certificate for a product. As a world leader in cybersecurity, Thales always strive to meet new industry standards. For this reason, we were excited to submit our Tachograph G2 for certification. We believe EUCC is a major breakthrough for the industry. We look forward to submitting more products over the coming months.”
Christine Crippa Martinez, Senior Cyber Security Manager at Thales.