This report describes the function of IT security and defines by which means IT security in Information and Communication Technology (ICT) products can be regulated. It also highlights in which manner the regulation of IT security has a bearing on international trade and market access.

We discuss whether greater harmonisation of regulation in the field of IT security for ICT products is possible, as the current regulatory landscape is rather fragmented compared to many other product areas.

Our analysis shows that the regulation of IT security in ICT products is a rather complex area, which does not follow the logic of product regulation in other domains. Further, the policy choices made in the domain of regulation will have a significant effect on our security and also on international trade.