© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

EU proposes new rules to address cyber risks from Internet of Things


The European Commission’s Cyber Resilience Act will require companies to comply with new requirements when producing digitally-connected items, such as cars, toys, and security cameras.

Firms manufacturing digitally-connected products, such as security cameras, toys, cars, fridges, or even mobile apps (whether in the EU or abroad), will have to comply with the new rules. Otherwise, they could face a fine of up to €15 million, or 2.5 percent of worldwide turnover, whichever is higher.

The Act is supposed to ensure that all products meet a minimum level of cybersecurity checks amid growing cybersecurity concerns and the increasing number of cyberattacks. The proposal cites an estimated global annual cost of cybercrime at EUR 5.5 trillion, with new rules expected to reduce the global costs by up to €290bn.

“In a connected environment, a cybersecurity incident in one product can affect an entire organisation or a whole supply chain, often propagating across the borders of the internal market within a matter of minutes. This can lead to severe disruption of economic and social activities or even become life threatening,” it explains.

The legislation suggests that current directives only partially address the problems identified, while the Cyber Resilience Act aims to “ increase legal uncertainty for both vendors and users of these products.”

Manufacturers will have to keep cybersecurity in mind during the entire production process, keep customers informed about the potential risks, and notify ENISA (European Union Agency for Cybersecurity) in case of an incident within 24 hours.

Under the new Act, products will be separated into two categories: critical or high-risk products, which make up for about 10 percent of the market and low-risk products. While for high-risk products, companies will have to prove meeting cybersecurity requirements to a national authority or through a third-party assessment, manufacturers of all other products will have to perform a self-assessment test.

The new bill must be reviewed by the European Parliament and the EU Council prior to being passed.


More from Cybernews:

Shiba Inu cloud credentials leaked online

Crypto influencer runs Ponzi scheme in "awareness campaign"

Hacker stole $185,000 worth of crypto Bill Murray raised for charity

Baseball card Mark Zuckerberg had made for him as a kid will go up for auction

Crypto scammers posing as Elon Musk briefly hack Imran Khan’s Instagram account

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked