Yesterday, through its executive arm, the EU proposed a new law that would oblige manufacturers to guarantee that devices that connect to the Internet comply with the security standards defined by the bloc.
Through this initiative, it seeks to protect the 27 member countries of the bloc against the growing number of cyber attacks recorded globally.
Cyber Resilience Act, the EU proposal to legally protect cybersecurity
The EU’s concern with this issue is based on statistics indicating that a ransomware attack occurs every 11 seconds today. The bloc also cites as a reference that, globally, the expense associated with combating cybercrime amounted to 5.5 million euros last year.
To deal with this scenario, the European Union presented a law which, in its draft phase, is called the Cyber Resilience Act. Its purpose is to withdraw from the EU market all products with digital elements that are not sufficiently protected.
The European Commission maintains that this law will not only reduce attacks, but will also benefit consumers, since it will improve data protection and privacy.
“When it comes to cybersecurity, Europe is only as strong as its weakest link, be it a vulnerable member state or an insecure product along the supply chain,” said Thierry Breton, the EU commissioner for the internal market, according to AP reports. “Computers, phones, home appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of millions of connected products is a potential entry point for a cyber attack,” he added.
Breton further noted that most hardware and software products are not currently subject to any cybersecurity obligations. Because development and production processes are not aligned with the proposed principles, they would have to be redesigned from a cybersecurity perspective if this law comes into force and manufacturers want to market those products in European territory.
Under this proposed legal framework, companies will be responsible for the security of their devices during the estimated useful life of each product or, failing that, for a minimum period of five years.
The European market regulatory authorities will be the entities empowered to withdraw or commercially incorporate devices not aligned with these requirements and to fine companies that do not comply with the law.
Cybersecurity is an issue that has progressively come to be on everyone’s lips. In this case, the European Commission cites as influences on the emergence of this project what was revealed by the coronavirus crisis, a period in which an increase in digital activity was accompanied by an increase in cyber attacks. In addition, Russia’s invasion of Ukraine raised concerns about Europe’s energy infrastructure, which could also be a target and needs to be safeguarded in the midst of a global energy crisis.