Europe agrees on rules to protect smart devices from cyber threats
Sign up now: Get ST's newsletters delivered to your inbox
The Cyber Resilience Act will apply to all products connected either directly or indirectly to another device or to a network.
PHOTO: REUTERS
Follow topic:
BRUSSELS - European Union (EU) countries and lawmakers on Nov 30 agreed on rules to protect laptops, fridges, mobile apps and smart devices connected to the Internet from cyberthreats following a spate of such attacks and ransom demands in recent years around the world.
Proposed by the European Commission in September 2022, the Cyber Resilience Act will apply to all products connected either directly or indirectly to another device or to a network.
It sets out cyber-security requirements for the design, development, production and the sale of hardware and software products.
Manufacturers will have to assess the cyber-security risks of their products, provide declarations of conformity and take appropriate action to fix problems during the expected lifetime of the product or for a period of at least five years.
They must be more transparent on the security of hardware and software products for consumers and business users, and report cyber incidents to national authorities. Importers and distributors will have to verify that products conform with EU rules.
Mr Jose Luis Escriva, the Spanish Minister of Digital Transformation, said: “Connected devices need a basic level of cyber security when sold in the EU, ensuring that businesses and consumers are properly protected against cyber threats.”
The Commission has said the cyber-security rules could save companies as much as €290 billion (S$423 billion) annually, versus compliance costs of about €29 billion. REUTERS
