Press release

      TECNALIA, the first national entity accredited for cybersecurity testing

      1 July 2025

      TECNALIA, primera entidad nacional acreditada para ensayos en todos los niveles de la ciberseguridad

      TECNALIA, the first national entity accredited for cybersecurity testing at all levels

      The research and technological development centre has obtained ENAC (Spanish National Accreditation Body) accreditation to certify the industry at the highest level of security in accordance with the IEC 62443-4-2 international standard

       30 June 2025. The TECNALIA research and technological development centre has become the first national entity accredited by ENAC (Spanish National Accreditation Body) to carry out cybersecurity tests at all security levels in accordance with the IEC 62443-4-2 international standard. This standard, considered one of the pillars in the protection of industrial automation and control systems, establishes demanding technical cybersecurity requirements for the components of such systems. The accreditation recognises the laboratory's technical competence to assess these products against increasingly sophisticated threats.

      Therefore, TECNALIA has obtained accreditation for testing at the four levels of security set out in the standard, which enables it to cover environments with greater requirements in protection against targeted threats, and positions the laboratory as a national and international benchmark in the assessment of critical industrial components.

      IEC 62443-4-2

      IEC 62443-4-2 provides a detailed and scalable framework for establishing cybersecurity requirements for industrial components, such as embedded devices, application software and network devices, and protecting them against a wide range of threats.

      These requirements are structured into four Levels of Security, from accidental threats to protecting against sophisticated attacks by adversaries with significant resources. Each successive level increases the rigour of the technical measures required, such as system bastioning, role-based access control, secure event logging, strong encryption and integrity and authenticity validation.

      "This accreditation places us at the European forefront of industrial cybersecurity assessment. It is a guarantee of reliability for manufacturers, integrators and operators of critical infrastructures. It is undoubtedly a major advance to foster more secure industrial environments, both nationally and internationally", said Marta Castro, Director of Digital Labs, and head of TECNALIA's Cybersecurity Assessment Laboratory.

      This development is key to foster more secure industrial environments, both nationally and internationally, and offers companies a certification pathway aligned with global market requirements and regulations, such as the European Cyber Resilience Act (CRA).