Kryptus, one of the world’s leading manufacturers of Hardware Security Modules (HSMs), is pleased to announce that its kNET HSM has obtained Common Criteria (ISO/IEC 15408) certification under the Protection Profile (PP) EN 419221-5:2018 with EAL4+, thereby further strengthening its capabilities for Public Key Infrastructure (PKI) and meeting the essential technical requirements for Qualified Signature Creation Device (QSCD) certification under the eIDAS Regulation. This achievement reinforces the company’s compliance with European security standards for electronic identification and trust services and supports its growth across multiple markets in the region.
The Common Criteria certification ensures that the kNET HSM meets stringent security requirements for storing and protecting cryptographic keys, authenticating users, and maintaining the integrity of digital transactions. Recognised under the Common Criteria Recognition Arrangement (CCRA), this evaluation signifies that the product is valid in all signatory countries, including much of Europe. This positions the kNET HSM as a trusted option for governments, financial institutions, and organisations requiring robust protection in PKI applications and qualified digital signatures.
Complementing this, the Protection Profile EN 419221-5:2018 defines specific technical and security requirements for secure signature creation devices, as mandated by the eIDAS Regulation. This profile ensures that the kNET HSM safeguards cryptographic keys and enables trusted qualified electronic signatures, aligning with the highest standards of security essential for regulatory compliance and secure transactions in the European Union.
“Achieving Common Criteria certification for the kNET HSM is a major milestone for Kryptus, confirming that our solutions align with the highest international security standards, essential for critical applications,” says Lucas Martins, CTO at Kryptus. “This recognition is especially important for the European market, where eIDAS compliance and the adoption of QSCD-certified devices are key differentiators.”
With this certification, Kryptus bolsters its ability to deliver advanced solutions across the entire digital identity and electronic signature ecosystem in Europe. “The Common Criteria validation, under the CCRA, boosts our presence in countries where digital security is paramount, enabling interoperability and mutual recognition of our solutions,” adds Martins. As a result, Kryptus further demonstrates its commitment to providing reliable and highly secure products, contributing to the evolution of digital trust infrastructure on a global scale.
About Kryptus
Kryptus is a multinational company specializing in cybersecurity and cryptography solutions, with expertise in Hardware Security Modules (HSMs), cyber defense, and managed security services. Serving governments, defense sectors, and regulated industries, Kryptus delivers high-performance, sovereign technologies aligned with international standards such as Common Criteria and FIPS. Headquartered in Brazil, with a subsidiary in Switzerland, the company provides innovative and compliant solutions for Public Key Infrastructure (PKI), digital identity, and critical environments worldwide. For more information, visit www.kryptus.com.
Learn More About Common Criteria and Its Importance for PKI in Europe
The Common Criteria (ISO/IEC 15408) is an internationally recognised standard for evaluating the security of IT products and systems, including Hardware Security Modules (HSMs). It sets out rigorous requirements, ensuring that certified solutions reliably protect sensitive data through robust cryptographic measures and secure key management. One of the major benefits of this framework is its standing under the Common Criteria Recognition Arrangement (CCRA), which grants mutual recognition of certified products across numerous member countries, including many within the European Union.
Many governments and regulatory bodies—such as Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI), France’s Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), and the United States’ National Information Assurance Partnership (NIAP)—either mandate or strongly recommend Common Criteria certification for high-security environments. Within the EU, the standard aligns particularly well with the eIDAS Regulation, which specifies stringent rules for electronic identification and trust services. Solutions that wish to be recognised as a Qualified Signature Creation Device (QSCD) often demonstrate compliance with Common Criteria, underscoring their suitability for qualified electronic signatures and other trusted transactions.
In a modern Public Key Infrastructure (PKI) context, Common Criteria certification provides reassurance that HSMs and other security products meet the high-level criteria needed to secure cryptographic keys, digital certificates, and signature processes. It is not uncommon to see Common Criteria-evaluated solutions alongside other standards—such as FIPS 140-2 or FIPS 140-3—in environments where resilience against cyber threats is paramount.
By achieving Common Criteria certification, manufacturers can more easily introduce their solutions into regulated markets throughout Europe. This is especially important for businesses handling eIDAS-compliant electronic signatures, digital identities, or other mission-critical applications involving the issuance, management, and validation of certificates. Through the CCRA, a certified product enjoys streamlined acceptance in participating nations, reducing the need for duplicate evaluations and facilitating faster expansion into new territories.
For further details:
- Visit the Common Criteria Portal
- Learn about the CCRA
- Explore the EU’s eIDAS Regulation for trust services and electronic identification.
