Smart devices connected to the internet such as fridges and TVs will have to comply with tough European Union cybersecurity rules or risk being fined or banned from the bloc. The EU executive announced its proposal, known as the Cyber Resilience Act, today (September 15). It is likely to become law following input from EU countries.
The announcement said:
The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.
Such products suffer from two major problems adding costs for users and the society:
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
Two main objectives were identified aiming to ensure the proper functioning of the internal market:
Four specific objectives were set out:
More information and downloads available here.