
Overview of Cyber Trust Labels
There are four distinct quality levels of the label in order to be able to cover different target groups. The quality levels differ in terms of their security claim and the degree of assurance of the review (assurance level).
Target Groups SMEs who take cybersecurity seriously and want to show that to its customers. Suppliers of Operators of essential Services according to §16 NIS-Law (BGBL Nr. 111/2018) in less critical areas | Target Groups Large companies and corporates. Suppliers of Operators of essential Services according to §16 NIS-Law (BGBL Nr. 111/2018) in more critical areas (e.g. software companies, processors of sensitive data, etc.) | Target Groups Large companies and corporates. Suppliers of Operators of essential Services according to §16 NIS-Law (BGBL Nr. 111/2018) in more critical areas (e.g. software companies, processors of sensitive data, etc.) | Target Groups Important entities according to Directive (EU) 2022/2555 (NIS 2), which must meet the requirements of Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024, as well as all other companies that support advanced security standards |
Basis KSV1870 Cyber Risk B Rating | Basis KSV1870 Cyber Risk A Rating | Basis KSV1870 Cyber Risk A+ Rating | Basis Implementing Regulation (EU) 2024/2690 of 17 October 2024 |
Assurance Level Validated Self-declaration | Assurance Level Validated Self-declaration | Assurance Level Validated Self-declaration plus external Audit | Assurance Level Completion of a questionnaire with validation and selective evidence review; agreement to the possible performance of a random inspection audit |
Assurance Method Answering a questionnaire with validation; acceptance of possible random surveillance audits, conduction of an automated web risk scoring | Assurance Method Answering a questionnaire with validation; acceptance of possible random surveillance audits, conduction of an automated web risk scoring | Assurance Method Evidence based audit by a qualified auditor (QuaSte accreditation); conduction of an automated web risk scoring | Assurance Method Answering a questionnaire with validation and selective evidence check; acceptance of possible random surveillance audits |
Security Claim Baseline Security | Security Claim Advanced Security | Security Claim Advanced Security | Security Claim Advanced Security |
Number of Criteria 14 | Number of Criteria 25 | Number of Criteria 25 | Number of Criteria 50 |
Requirements Questionnaire B-Rating | Requirements Questionnaire A-Rating | Requirements Questionnaire A-Rating | Requirements According to Implementing Regulation (EU) 2024/2690 |
Report Summary of all questions and answers, as well as an assessment by the validator, including reasons for rejections | Report Summary of all questions and answers, as well as an assessment by the validator, including reasons for rejections | Report Summary of all questions and answers, as well as an assessment by the validator, including reasons for rejections | Report Comprehensive report on the validated self-declaration on all requirements of the Implementing Regulation (EU) 2024/2690 with an assessment and evaluation of your information by a qualified validator, including recommendations for improvement measures where necessary. For submission as a (validated) self-declaration to the NIS authority.** |
Label Requirements Valid KSV1870 CyberRisk B-Rating of 190 or better | Label Requirements Valid KSV1870 CyberRisk A-Rating of 190 or better | Label Requirements Valid KSV1870 CyberRisk A+ Rating of 190 or better | Label Requirements Achievement of 85% fulfillment of the requirements questionnaire or more |
Validity Period 1 Year | Validity Period 1 Year | Validity Period 1 Year | Validity Period 1 Year |
Label Fee (1st Year) 950€ | Label Fee (1st Year) 1890€ | Label Fee (1st Year) 1990€ | Label Fee (1st Year) 4900€ |
Label Fee (Following Years) 900€ | Label Fee (Following Years) 1750€ | Label Fee (Following Years) 1850€ | Label Fee (Following Years) 2900€ |
Audit Fee - | Audit Fee - | Audit Fee According to audit partner | Audit Fee - |
Renewal Process Renewed answering of the questionnaire* | Renewal Process Renewed answering of the questionnaire* | Renewal Process Renewed Audit* | Renewal Process Renewed answering of the questionnaire as delta consideration |
Not sure which label is right for your business?
Let our experts advise you free of charge.
*The requirement criteria are subject to annual review and adjusted as necessary.
**Completeness guarantee: If the authority's requirements regarding the form and content of the self-declaration change, we will expand/adapt this for you at no extra cost (at the latest by the next run).
**Completeness guarantee: If the authority's requirements regarding the form and content of the self-declaration change, we will expand/adapt this for you at no extra cost (at the latest by the next run).