Key Points
- India to chair CCDB from April 2026 to April 2028
- CCRA comprises 38 nations that mutually recognise IT security certificates
- STQC Directorate serves as India's official certification body since 2013
India will chair the Common Criteria Development Board (CCDB) from April 2026 to April 2028, taking the lead role in setting international IT security evaluation standards. The appointment was confirmed at the first quarter meeting of the Common Criteria Recognition Arrangement (CCRA), held from 14 to 16 April 2026 in Tokyo.
The position gives India direct influence over how IT products are tested and certified for security across 38 countries. Products certified under the Common Criteria framework — which covers everything from firewalls and encryption software to smart cards and operating systems — are accepted by all member nations without requiring separate testing in each country.
By the numbers
- 38
- CCRA member nations
- 2 years
- India's CCDB chairmanship term
- 2013
- Year India joined CCRA
The CCDB manages the technical work programme for the Common Criteria (CC) and the Common Methodology for Information Technology Security Evaluation (CEM). While other CCRA committees handle policy matters, the CCDB sets the actual technical standards that determine how security products are evaluated worldwide.
India’s Role in the Framework
India has been a certificate-authorising member of the CCRA since 16 September 2013. The Ministry of Electronics and Information Technology (MeitY) represents the country in the arrangement, with the Standardisation Testing and Quality Certification (STQC) Directorate serving as the official certification body for IT security evaluations.
As a certificate-authorising nation, India can issue Common Criteria certificates that are recognised by all 38 CCRA members — 20 certificate-authorising nations and 18 certificate-consuming nations. Indian technology companies seeking to export security products to these markets can obtain a single certification from STQC rather than undergoing separate evaluation in each destination country.
What the Chairmanship Means
The two-year term will place India at the centre of decisions on how emerging technologies are evaluated for security. The CCDB determines which product categories are covered by the framework and how evaluation methodologies are updated to address new security challenges.
The Common Criteria Portal, maintained by CCRA members, serves as the global registry of certified secure IT products. Any product listed on the portal carries a certificate recognised across all member nations, making the standards set by the CCDB directly relevant to international trade in technology products.
Your Questions, Answered
What is the Common Criteria Development Board?
The CCDB is the technical body that manages international standards for IT security evaluation. It sets the criteria used to test and certify security products across 38 member countries of the Common Criteria Recognition Arrangement.
Why does the CCDB chairmanship matter for Indian companies?
Indian technology companies can obtain security certifications from STQC that are recognised across all 38 CCRA member nations. As chair, India will influence how these standards evolve, potentially shaping rules that affect Indian exports.
How long has India been part of the Common Criteria arrangement?
India has been a certificate-authorising member of the CCRA since 16 September 2013, with STQC serving as the official certification body under MeitY.
What products are covered by Common Criteria certification?
The framework covers IT security products including firewalls, encryption software, smart cards, operating systems and other technology requiring security evaluation for international markets.
