¹Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after informing the supervisory authority in order to allow it to exercise its powers pursuant to point (h) of Article 58(2) where necessary, issue and renew certification. ²Member States shall ensure that those certification bodies are accredited by one or both of the following:

(a) The supervisory authority which is competent pursuant to Article 55 or 56;

(b) The national accreditation body named in accordance with Regulation (EC) No 765/2008 of the European Parliament and of the Council¹ in accordance with EN-ISO/IEC 17065/2012 and with the additional requirements established by the supervisory authority which is competent pursuant to Article 55 or 56.