Abstract
The Internet of Things (IoT) and the market for IoT devices are growing globally, with no sign of slowing down. The number of connected devices worldwide is expected to rise from 23bn in 2018 to 75bn by 2025, and yet the security of such devices is often poorer than information security professionals would naturally expect. There are many examples of these devices in our daily life, from garage doors that can be opened with a remote control or mobile application, to smart TVs, smartphones, smart watches, smart fridges and so on. It has been argued that IoT has the potential to facilitate or obstruct the further evolution of the Fourth Industrial Revolution, largely depending upon whether it is used or abused. High-profile IoT attacks in recent years, like the Mirai botnet, have shown how vulnerable IoT devices are and how much harm they can cause. Current legal frameworks in the majority of countries in the world are not adequate to deal with the threats and dangers that IoT brings, and there is a justified fear that, without a regulatory approach to IoT devices, the situation will spiral and only get worse. Realizing the full potential of IoT for the economy and the future, as well as the danger that IoT brings, the EU has made an attempt to enhance its cyber resilience and to advance the cybersecurity of IoT devices, services and products by adopting EU Regulation 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) OJ L151/15. The focus of the present thesis is the European Cybersecurity Certification Framework, which is the vital part of the Cybersecurity Act. In particular, the thesis discusses how the Framework may improve cybersecurity in the EU and build trust in IoT devices.