Internet-connected smart devices, from laptops to refrigerators to mobile apps, should be assessed for cybersecurity risks under draft European Union rules announced amid growing concerns about cyberattacks.
Companies face fines of up to €15 million ($15 million) or 2.5% of total global turnover for non-compliance with the European Commission's proposal, known as the Cyber Resilience Act.
Businesses could save 290 billion euros annually in costs from cyber incidents, against around 29 billion euros in compliance costs, EU officials said.
Recent high-profile incidents of hackers damaging businesses and demanding huge ransoms have raised concerns about vulnerabilities in operating systems, network equipment, and software.
“It (the law) will hold the responsibility to whoever puts the product on the market and where it belongs,” Margrethe Vestager, the EU’s digital chief, said in a statement.
Manufacturers should assess the cybersecurity risks of their products and take appropriate steps to fix the issues for five years or the expected lifetime of the product.
Businesses must notify the EU cybersecurity authority ENISA of incidents within 24 hours of their occurrence and take action to resolve them.
Importers and distributors must ensure that their products comply with EU regulations.
The Computer & Communications Industry Association (CCIA Europe) warned that the red tape resulting from the approval process could hinder the deployment of new technologies and services in Europe.
“Instead, new rules should recognize globally accepted standards and facilitate cooperation with trusted trading partners to avoid overlapping requirements,” public policy director Alexandre Roulet said.
If companies do not comply with EU regulations, national supervisory authorities can ban or restrict products from being made available on the domestic market.
The draft must be agreed with EU member states and EU lawmakers before it becomes law.