On Thursday, the European Union’s executive body proposed a new law that would oblige manufacturers to ensure internet-connected devices comply with cybersecurity standards, making the 27-country bloc less vulnerable to attacks.
The EU said that ransomware attacks occur every 11 seconds and global annual losses from cybercrime are estimated at 5.5 trillion euros in 2021. In Europe alone, cyberattacks cost between 180 and 290 billion euros a year, according to EU officials.
The European Commission said there has been an increase in cyberattacks during the coronavirus pandemic and that Russia’s war in Ukraine has raised fears that European energy infrastructure could also be targeted in the global energy crisis.
The law, proposed as the Cyber Resilience Act, aims to remove all products with digital elements that are not adequately protected from the EU market.
The EU’s executive commission said the law would not only reduce attacks, but also benefit consumers by improving data protection and privacy.
“When it comes to cybersecurity, Europe is only as strong as its weakest link, be it a vulnerable member state or an insecure product in the supply chain,” said Thierry Breton, EU Commissioner for the Internal Market.
“Computers, phones, household appliances, virtual assistance devices, cars, toys. each of these hundreds of millions of connected products is a potential entry point for a cyberattack.”
Breton said that most hardware and software products are not currently subject to any cybersecurity obligations.
If adopted, the regulation would require manufacturers to take cybersecurity into account when designing and developing their devices. The companies will be responsible for the safety of the products for their entire expected life, but not less than five years.
Market authorities will have the power to confiscate or recall non-compliant devices and penalize companies that do not comply with the rules.
The Computer and Communications Industry Association (CCIA), which represents firms in the computer, communications and internet industries, applauded the commission’s goal of improving cyber resilience but said the bill would make unnecessary changes.
“These cybersecurity rules should be aimed at weeding out bad products from the EU market, but the current… proposal will result in innovative products piling up in waiting rooms before they can be used by Europeans,” said Alexander Ruhr, director of public policy at CCIA Europe. .
“Instead, the new rules should recognize generally accepted standards and facilitate collaboration with trusted trading partners to avoid duplication of requirements.”
Copyright 2022 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or distributed.
Was this article valuable?
Here are some more articles you might like.
Do you want to be in the know?
Get the latest insurance news
sent directly to your inbox.