Think tank urges US and EU to cooperate over cybersecurity labeling


The EU and the US should use international standards to build regulatory and technical interoperability between IoT cybersecurity labeling programs and avoid another potential regulatory conflict, the Information Technology and Innovation Foundation (ITIF) says.

On April 4th, the US-EU Trade and Technology Council will take place in Belgium. Among other cooperation programs, US officials are proposing that the two sides should cooperate on cybersecurity labeling for IoT devices.

ITIF, a nonprofit think tank for science and technology policy, believes that both sides should seize the moment.

Labels on devices may not be a flashy topic. However, the lack of robust cybersecurity standards and support for Internet of Things (IoT) devices leaves many users vulnerable. Many products – from smart speakers to climate-control systems – are left susceptible to relatively common security vulnerabilities exploited by cybercriminals.

The Federal Communications Commission (FCC) in the US recently introduced its new Cyber Trust Mark program to label devices that meet heightened standards, developed together with the National Institute of Standards and Technology (NIST).

ITIF’s associate director of trade policy, Nigel Cory, believes that now is a unique opportunity for the United States and the EU (and others) to cooperate, develop a shared labeling system, and avoid repeating the past.

“Cooperation on IoT cybersecurity labeling would avoid creating yet another regulatory point of conflict in the transatlantic trade and technology relationship. However, to make it happen, the United States and EU need to address major gaps and differences in their respective programs, especially on technical standards and conformity assessments,” he said in a report.

Many users are not well informed about the security of their devices and have no easy way to find trustworthy security information.

“A standardized labeling system would help address this need,” Cory said. “Transatlantic cooperation, via common standards, testing bodies, and a mutual recognition agreement, would be valuable because it would provide a common baseline for IoT cybersecurity and allow firms to only test once in order to sell in both markets.”

According to him, the Biden administration should direct NIST and the FCC to plan to eventually use international standards to ensure the US Cyber Trust Mark system becomes compatible with the EU’s program. The US and the EU will need to negotiate a mutual recognition agreement, similar to the one that's already been negotiated between Singapore and Germany.

“Cooperation on IoT cybersecurity labeling may seem like an esoteric technical issue, but successfully navigating it would provide a roadmap to align regulations for other new and emerging technology issues,” the report reads.

The European Telecommunications Standards Institute (ETSI) has developed a standard for consumer IoT devices, and many countries, including Australia and India, base their regulations on it.

Multiple, potentially conflicting country-specific standards raise the cost and complexity of trade and regulatory compliance and undermine regulatory cooperation between countries, a problem that could be avoided, the report concludes.

