EU Proposes Rules Targeting Cyber Security Risks of Smart Devices
Under draft EU rules, smart devices connected to the internet, from laptops to fridges, as well as mobile apps, will have to be assessed for cyber security risks, amid concerns about cyber attacks. Companies that fail to comply with the European Commission’s proposed law face fines of as much as 15 million Euros (more than A$22 million) or up to 2.5 percent of their total global turnover. The rules will require manufacturers to fix any problems that are identified.
The EU executive said that companies could save as much as 290 billion Euros annually in cyber incidents versus compliance costs of about 29 billion Euros. In recent years, a series of high-profile incidents of hackers damaging businesses and demanding huge ransoms has heightened concerns about vulnerabilities in network equipment, software and operating systems. EU digital chief Margrethe Vestager said in a statement, “It (the Act) will put the responsibility where it belongs, with those that place the products on the market.”
Manufacturers will have to assess the cyber security risks of their products. They also need to take appropriate action to fix problems for a period of five years or during the expected lifetime of the product. Companies will have to notify EU cyber security agency ENISA of any incidents within 24 hours of becoming aware of them, and take measures to resolve them. Importers and distributors must verify that the products are compatible with EU rules. The Computer & Communications Industry Association (CCIA Europe) warned that the resulting red tape from the approval process could hamper services in Europe and the roll-out of new technologies.
CCIA Europe public policy director Alexandre Roure said, “Instead the new rules should recognize globally-accepted standards and facilitate cooperation with trusted trade partners to avoid duplicate requirements.”
National surveillance authorities can prohibit or restrict a product from being made available on their national markets if companies do not comply with the EU’s rules. Before they can become law, the draft rules will need to be agreed with EU countries and EU lawmakers.