EU proposes rules targeting smart devices with cybersecurity risks | Inquirer Business

EU proposes rules targeting smart devices with cybersecurity risks

/ 05:23 PM September 15, 2022

Broken Ethernet cable

Broken Ethernet cable is seen in front of binary code and words “cyber security” in this illustration taken March 8, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

BRUSSELS  – From laptops to fridges to mobile apps, smart devices connected to the internet will have to assess their cybersecurity risks and fix them under draft European Union rules announced on Thursday, amid concerns about a spate of cyber attacks.

Companies face fines of as much as 15 million euros ($15 million) or up to 2.5 percent of their total global turnover if they fail to do so under the European Commission’s proposed law known as the Cyber Resilience Act.

Article continues after this advertisement

Companies could save as much as 290 billion euros annually in cyber incidents versus compliance costs of about 29 billion euros, the EU executive said.

FEATURED STORIES

A series of high-profile incidents of hackers damaging businesses and demanding huge ransoms in recent years have heightened concerns about vulnerabilities in operating systems, network equipment and software.

“It (the Act) will put the responsibility where it belongs, with those that place the products on the market,” EU digital chief Margrethe Vestager said in a statement.

Article continues after this advertisement

EU industry chief Thierry Breton pointed to numerous devices that are vulnerable to hacking.

Article continues after this advertisement

“Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of million connected products is a potential entry point for a cyberattack,” he said.

Article continues after this advertisement

Manufacturers will have to assess the cybersecurity risks of their products and take appropriate procedures to fix problems for a period of five years or during the expected lifetime of the product.

The companies will have to notify EU cybersecurity agency ENISA of incidents within 24 hours once they are aware of issues, and take measures to resolve them.

Article continues after this advertisement

Importers and distributors will be required to verify that products conform with EU rules.

If companies do not comply, national surveillance authorities can prohibit or restrict a given product from being made available on its national market.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

The draft rules will need to be agreed with EU countries and EU lawmakers before they can become law.

TAGS: cybersecurity, EU, Rules

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.