The new Cyber Resilience Act passed by the EU Council on Wednesday requires manufacturers to implement robust security measures for all connected devices, before getting into the hands of consumers.
The new law aims to beef up cybersecurity requirements for all products with digital elements, such as smart TVs, appliances, home cameras, doorbells, thermostats, and the like, before they have a chance to reach the consumer market, the Council said.
The Cyber Resilience Act was adopted to “fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent,” the Council said in Wednesday’s announcement.
The new cybersecurity regulations will apply to all Internet of Things (IoT) devices and products throughout their supply chain and developmental lifecycle, including the design, development, production, and availability of a product, covering both the hardware and software.
Any digital product connected to a WiFi network or to another smart device – either directly or indirectly– will be covered under the new rule.
EU lawmakers said the law will “finally” give consumers the power to choose hardware and software products with the appropriate security features to meet their needs.
Cyber resilience act adopted 🚨
undefined EU Council (@EUCouncil) October 10, 2024
The new law ensures that digital products — such as smart home cameras, TVs, and fridges — meet strict cybersecurity standards before they hit the market.
Click for more ⬇️
At present, many products made and sold exclusively within the European Economic Area (EEA) are stamped with the initials “CE” for Conformite Europeenne, or European Compliance, when translated from French.
Products with the CE mark indicate that they meet the EU’s high safety, health, and environmental protection requirements passed under current legislation.
Connected products complying with the new rules laid out in the Cyber Resilience Act will also be given the CE stamp.
Exceptions to the law include products that already have established regulations, such as medical devices, aeronautical products, and cars.
According to the Council, the law was fashioned so companies would not be subjected to “overlapping requirements” already in place from current legislation enacted in individual EU member states.
The new regulation, first proposed by lawmakers in September 2022, is expected to be signed by the EU Council presidents and European Parliament and then published in the EU’s official journal over the next few weeks.
Once signed, the ACT becomes valid in 20 days, although it is expected to take up to three years to be fully implemented and enforced.
The law is said to complement the EU’s existing cybersecurity framework, which encompasses several other cybersecurity legislation including NIS directives 1 and 2, and the EU cybersecurity act.
Your email address will not be published. Required fields are markedmarked