The European Commission’s Cyber Resilience Act will require companies to comply with new requirements when producing digitally-connected items, such as cars, toys, and security cameras.
Firms manufacturing digitally-connected products, such as security cameras, toys, cars, fridges, or even mobile apps (whether in the EU or abroad), will have to comply with the new rules. Otherwise, they could face a fine of up to €15 million, or 2.5 percent of worldwide turnover, whichever is higher.
The Act is supposed to ensure that all products meet a minimum level of cybersecurity checks amid growing cybersecurity concerns and the increasing number of cyberattacks. The proposal cites an estimated global annual cost of cybercrime at EUR 5.5 trillion, with new rules expected to reduce the global costs by up to €290bn.
“In a connected environment, a cybersecurity incident in one product can affect an entire organisation or a whole supply chain, often propagating across the borders of the internal market within a matter of minutes. This can lead to severe disruption of economic and social activities or even become life threatening,” it explains.
The legislation suggests that current directives only partially address the problems identified, while the Cyber Resilience Act aims to “increase legal uncertainty for both vendors and users of these products.”
Manufacturers will have to keep cybersecurity in mind during the entire production process, keep customers informed about the potential risks, and notify ENISA (European Union Agency for Cybersecurity) within 24 hours in case of an incident.
Under the new Act, products will be separated into two categories: critical or high-risk products, which make up about 10 percent of the market, and low-risk products. For high-risk products, companies will have to prove that they meet cybersecurity requirements, either to a national authority or through a third-party assessment, while manufacturers of all other products will have to perform a self-assessment test.
The new bill must be reviewed by the European Parliament and the EU Council prior to being passed.