EU is tired of ‘smart’ devices with half-baked security
The European Union (EU) is set to crack down on the safety of shoddy devices with significant new legislation.
The proposed “Cyber Resilience Act” will require all devices connected “directly or indirectly to another device or network”, including everything from refrigerators to smartwatches, to adhere to a new set of cybersecurity standards.
The price of non-compliance is quite high: companies could face fines of up to 15 million euros ($15 million) or up to 2.5% of their total worldwide turnover if they do not comply.
What does this mean for businesses?
Manufacturers will now be required to report all known actively exploited vulnerabilities and incidents.
The proposed regulations will also strengthen the obligation for manufacturers to keep consumers informed, ensuring that they “enable consumers to have sufficient information about the cybersecurity of the products they buy and use”.
Manufacturers will also be required to provide regular security support and software updates to address new vulnerabilities.
The new rules will not apply to devices whose cybersecurity requirements are already defined under existing EU rules, such as medical devices, aviation technology and cars.
The claim is that while compliance costs could amount to up to €29 billion, this will ultimately save businesses €290 billion per year in cyber incidents.
It’s no surprise that the EU is choosing to crack down on device security: it has proven to be a serious ongoing issue, and cybercriminals around the world are turning to IoT devices like terminals.
Consumer Law Group Which? built a house full of smart devices and recorded 12,807 unique scan and attack attempts directed at them in its first month.
Device security doesn’t generally seem like something consumers focus on as a priority, at least according to research from BlackBerry.
With more than three-quarters (77%) of smart home devices purchased in the past two years, less than a third (30%) of German and Dutch homeworkers who own a smart device said security was one of the three main factors during these purchases.
“We deserve to feel safe with the products we buy in the single market. Just as we can trust a toy or a fridge with a CE mark, the Cyber Resilience Act will ensure that connected objects and software we purchase adhere to strong cybersecurity safeguards,” said Margrethe Vestager, European Commission Executive Vice-President for Digital Agenda. “It will put the responsibility where it belongs, with those who bring the products to market.”
It’s not just the EU that’s ready and willing to crack down on device security.
A UK government ‘Security by Design’ bill covering the security of smart devices surfaced as early as 2019.