Draft EU rules target smart devices with cybersecurity risks
According to a European Commission document seen by Reuters on Thursday, internet-connected smart devices such as fridges and televisions will have to comply with the European Union’s strict cybersecurity rules or face being fined or banned from the bloc.
Concerns about cybersecurity attacks have grown in recent years following high-profile incidents of hackers damaging businesses and demanding huge ransoms.
The EU executive will announce its proposal known as the Cyber Resilience Act on September 13. It is likely to become law following contributions from EU countries.
The rules could reduce the cost of cyber incidents for businesses by up to 290 billion euros ($289.8 billion) a year against compliance costs of around 29 billion euros, according to the document.
Manufacturers will need to assess the cybersecurity risks of their products and follow appropriate procedures to address issues, the document says.
Companies will have to notify the European cybersecurity agency ENISA of incidents within 24 hours of becoming aware of them, and take action to resolve them.
Importers and distributors will be required to check that products comply with EU rules.
If companies fail to comply, national supervisory authorities can “prohibit or restrict the availability of this product in its national market, withdraw it from that market or recall it”, the document states.
Failure to comply with the rules can cost companies fines of up to €15 million or up to 2.5% of their total worldwide turnover, whichever is greater, with lower fines for less serious offences.