EU Proposes Draft Rules to Assess Cybersecurity Risks on Smart Devices

The European Union (EU) has announced a set of draft rules to make it mandatory for all smart devices connected to internet to assess their cybersecurity risks. The step has been taken amid growing concerns about cyberattacks. Under the newly proposed law, known as the Cyber Resilience Act, the European Commission can also levy fine of up to EUR 15 million (nearly Rs. 120 crore) or up to 2.5 percent of their global turnover on all companies who fail to comply with the rules.

The EU has made it strict for all smart devices connected to internet — including laptops, fridges, smartwatches — to assess the cybersecurity risks. In case of any errors, the companies are also compelled to fix them under the new Cyber Resilience Act. EU digital chief Margrethe Vestager, in a statement released earlier today, said, “It (the Act) will put the responsibility where it belongs, with those that place the products on the market.

The act was initially announced by European Commission President Ursula von der Leyen in September 2021. The step has been taken in direction to make digital products more secure for consumers across the EU. Failing to comply with the laws can invite a fine of up to EUR 15 million or up to 2.5 percent of the total global turnover for the companies.

Vestager also encouraged companies to comply to these rules of assessing cybersecurity risks as it could save them as much as 290 billion euros annually in cyber incidents.

Under the new law, manufacturers will have to assess the cybersecurity risks on their products. In case of any faults, the companies need to take appropriate procedures to fix problems. Moreover, they are also bound to inform EU cybersecurity agency ENISA of cyber incidents within 24 hours as and when they get aware about it.

The draft rules, before becoming a law, will need to be agreed with EU countries and EU lawmakers.

---