EU proposes rules targeting cybersecurity risks of smart devices

FILE PHOTO: Broken Ethernet cable is seen in front of binary code and words "cyber security" in this illustration taken March 8, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

BRUSSELS (Reuters) -From laptops to fridges to mobile apps, smart devices connected to the internet will have to be assessed for their cybersecurity risks under draft European Union rules announced on Thursday, amid concerns about a spate of cyber attacks.

Companies face fines of as much as 15 million euros ($15 million) or up to 2.5% of their total global turnover if they fail to comply with the European Commission's proposed law known as the Cyber Resilience Act, which will require manufacturers to fix any problems that are identified.

Companies could save as much as 290 billion euros annually in cyber incidents versus compliance costs of about 29 billion euros, the EU executive said.

A series of high-profile incidents of hackers damaging businesses and demanding huge ransoms in recent years have heightened concerns about vulnerabilities in operating systems, network equipment and software.

"It (the Act) will put the responsibility where it belongs, with those that place the products on the market," EU digital chief Margrethe Vestager said in a statement.

Manufacturers will have to assess the cybersecurity risks of their products and take appropriate action to fix problems for a period of five years or during the expected lifetime of the product.

The companies will have to notify EU cybersecurity agency ENISA of any incidents within 24 hours of becoming aware of them, and take measures to resolve them.

Importers and distributors will have to verify that products conform with EU rules.

The Computer & Communications Industry Association (CCIA Europe) warned that the resulting red tape from the approval process could hamper the roll-out of new technologies and services in Europe.

"Instead the new rules should recognise globally-accepted standards and facilitate cooperation with trusted trade partners to avoid duplicate requirements," Public Policy Director Alexandre Roure said.

If companies do not comply with the EU's rules, national surveillance authorities can prohibit or restrict a product from being made available to their national markets.

The draft rules will need to be agreed with EU countries and EU lawmakers before they can become law.

($1 = 1.0013 euros)

(Reporting by Foo Yun Chee; editing by Philip Blenkinsop and Elaine Hardcastle)

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!


Next In Tech News

Samsung unveils Galaxy S23 Ultra (from RM5,699) with 200-megapixel camera, S23+ (from RM4,699) and S23 (from RM3,899)
Exclusive-EV maker Rivian to cut 6% of jobs amid price war -internal memo
GoodRx pays $1.5 million to settle health privacy allegations
Exclusive-Cybersecurity firm Rapid7 explores sale -sources
Bankman-Fried barred from contacting FTX employees, using Signal
Tinder owner Match to cut staff by about 8% after downbeat forecast
Tesla directors to testify in 'funding secured' trial
Crypto hacks stole record $3.8 billion in 2022, led by North Korea groups - report
T-Mobile misses quarterly revenue estimates as competition bites
PayPal's rocky road ahead warrants more cost cuts, Wall Street says

Others Also Read