The new standard describes how the cybersecurity of ICT products can be examined in a pre-defined time, which means within a time frame set out at the beginning of the examination. This evaluation is usually part of certification procedures for ICT products.

EN 17640 is the first standard that implements by design the requirements of the European Cybersecurity Act (CSA), which establishes the rules for future cybersecurity certification schemes in Europe. For this reason, it provides future CSA schemes with the necessary building blocks to conduct evaluations at the three assurance levels "basic", "substantial" and "high", together with further legal requirements. At the same time, the standard can be adapted to the requirements of specific markets requiring cybersecurity certification or in general security evaluation.