GMV has reached a major milestone in cybersecurity with its GNSS Cryptographic Module becoming the first product to receive the EUCC (EU Cybersecurity Certification Scheme on Common Criteria) certificate at the substantial assurance level. This achievement marks a significant step forward not only for GMV but also for the broader European cybersecurity certification landscape.

The GMV GNSS Cryptographic Module is a software library designed for Linux platforms, providing advanced cryptographic services for GNSS client applications. Its functionalities are particularly relevant for secure positioning and timing services, such as those enabled by the Galileo OSNMA (Open Service Navigation Message Authentication).

The certification for GMV’s product was issued by DEKRA, a private Certification Body accredited by ENAC (the Spanish NAB) both as a CAB and ITSEF, with the support of CCN (Spain’s NCCA). This also highlights the opening of the certification ecosystem to private actors, moving beyond the historically public-only framework of SOG-IS.

Achieving EUCC certification at this level delivers multiple benefits: it validates the product’s cybersecurity robustness, supports regulatory compliance—including alignment with the upcoming Cyber Resilience Act—enhances trust in the supply chain, and boosts GMV’s competitiveness in both public and commercial markets.

This certification reinforces GMV’s long-standing commitment to secure-by-design solutions and its leading role in the development of trustworthy technologies for European strategic sectors, particularly in space and navigation.

About the EUCC scheme

The EUCC scheme, developed under the EU Cybersecurity Act, offers a harmonized framework for certifying ICT products in terms of their cybersecurity properties. It defines three levels of assurance: basic, substantial, and high, although EUCC currently applies only to the last two. The substantial level allows Conformity Assessment Bodies (CABs), accredited by a National Accreditation Body (NAB), to evaluate and certify products as Information Technology Security Evaluation Facilities (ITSEFs). For high assurance level certifications, additional authorization by a National Cybersecurity Certification Authority (NCCA) is required. 

More info