Cyber Security Rules For Smart Fridges, Smart TVs & Smart Gadgets? Europe Is Considering These Steps..

Smart devices connected to the internet such as fridges and TVs will have to comply with tough European Union cybersecurity rules or risk being fined or banned from the bloc.

Introduced a year ago

EU will announce its proposal called the Cyber Resilience Act on Sept. 13

It was first announced by EC president Ursula von der Leyen in September 2021.

Objectives

The act intends to “establish common cybersecurity rules for digital products and associated services that are placed on the market across the European Union.”

It seeks to protect consumers from insecure products by introducing common cybersecurity rules for manufacturers and vendors of digital products.

Devices in potential danger

Cybersecurity concerns have been on the rise in recent years following high-profile incidents of hackers damaging businesses and demanding huge ransoms.

The attacks target smart devices in particular, which are appliances and other household devices that are equipped with sensors and online connections, creating what’s known as the Internet of Things.

Such products are at risk of a low level of cybersecurity reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, the draft reads.

Dire consequences 

Attacks on such devices can have a ripple effect- extending to an entire organization or a whole supply chain, often propagating across the borders within a matter of minutes.

This can lead to severe disruptions of economic and social activities or even become life threatening.

Products that will have to comply with the rules include routers, connected cameras, and smartphones, and associated services such as software on phones or in vehicles.

Cutting the amount of money lost

The rules could slash the cost of cyber incidents to companies by as much as 290 billion euros ($289.8 billion) annually. 

However, companies will have to spend an estimated 29 billion euros to comply with and enforce the new cyber rules.

Required to notify incident to cybersecurity agency

Manufacturers will have to assess the cybersecurity risks of their products and take the required procedures to fix them.

They will have to notify EU cybersecurity agency ENISA of incidents within 24 hours of discovery along with taking measures to solve the problems.

Affected product can be pulled out of market

Importers and distributors will be required to verify that products conform with EU rules.

In case of non-compliance, national surveillance authorities can “prohibit or restrict” the availability of the product in the market through withdrawal or recall.

Levels of penalties

Companies caught flouting the rules will have to pay up to 15 million euros or up to 2.5% of their total global turnover, whichever is higher.

Less serious violations could incur fines of 10 million euros or 2% of global yearly sales.

If a company is found guilty of providing “incorrect, incomplete or misleading” information, it could be fined 5 million euros, or up to 1% of annual revenue.

Image Source