Key Points
- India to chair CCDB from April 2026 to April 2028
- CCRA comprises 38 nations that mutually recognise IT security certificates
- STQC Directorate serves as India’s official certification body since 2013
India will chair the Common Criteria Development Board (CCDB) from April 2026 to April 2028, taking the lead role in setting international IT security evaluation standards. The appointment was confirmed at the first quarter meeting of the Common Criteria Recognition Arrangement (CCRA), held from 14 to 16 April 2026 in Tokyo.
The position gives India direct influence over how IT products are tested and certified for security across 38 countries. Products certified under the Common Criteria framework — which covers everything from firewalls and encryption software to smart cards and operating systems — are accepted by all member nations without requiring separate testing in each country.
EVENT
Saksham Bharat 2026
A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.
EVENT
VeeamON 2026 Tour India – Mumbai
A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.
EVENT
Cyber Surakshit Uttar Pradesh
Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.
EVENT
VeeamON 2026 Tour India – Bengaluru
A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.
EVENT
VeeamON 2026 Tour India – Delhi
A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.
EVENT
Infosec Reimagined
Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.
EVENT
Digital Senate
Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.
EVENT
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
By the numbers
- 38
- CCRA member nations
- 2 years
- India’s CCDB chairmanship term
- 2013
- Year India joined CCRA
The CCDB manages the technical work programme for the Common Criteria (CC) and the Common Methodology for Information Technology Security Evaluation (CEM). While other CCRA committees handle policy matters, the CCDB sets the actual technical standards that determine how security products are evaluated worldwide.
India’s Role in the Framework
India has been a certificate-authorising member of the CCRA since 16 September 2013. The Ministry of Electronics and Information Technology (MeitY) represents the country in the arrangement, with the Standardisation Testing and Quality Certification (STQC) Directorate serving as the official certification body for IT security evaluations.
As a certificate-authorising nation, India can issue Common Criteria certificates that are recognised by all 38 CCRA members — 20 certificate-authorising nations and 18 certificate-consuming nations. Indian technology companies seeking to export security products to these markets can obtain a single certification from STQC rather than undergoing separate evaluation in each destination country.
What the Chairmanship Means
The two-year term will place India at the centre of decisions on how emerging technologies are evaluated for security. The CCDB determines which product categories are covered by the framework and how evaluation methodologies are updated to address new security challenges.
The Common Criteria Portal, maintained by CCRA members, serves as the global registry of certified secure IT products. Any product listed on the portal carries a certificate recognised across all member nations, making the standards set by the CCDB directly relevant to international trade in technology products.
Advertisement
Your Questions, Answered
What is the Common Criteria Development Board?
The CCDB is the technical body that manages international standards for IT security evaluation. It sets the criteria used to test and certify security products across 38 member countries of the Common Criteria Recognition Arrangement.
Why does the CCDB chairmanship matter for Indian companies?
Indian technology companies can obtain security certifications from STQC that are recognised across all 38 CCRA member nations. As chair, India will influence how these standards evolve, potentially shaping rules that affect Indian exports.
How long has India been part of the Common Criteria arrangement?
India has been a certificate-authorising member of the CCRA since 16 September 2013, with STQC serving as the official certification body under MeitY.
What products are covered by Common Criteria certification?
The framework covers IT security products including firewalls, encryption software, smart cards, operating systems and other technology requiring security evaluation for international markets.