Tuesday

4th Oct 2022

Cyber-risk from Internet of Things prompts new EU rules

  • It is estimated that every 11 seconds there is a ransomware attack targeting an organisation across the globe (Photo: European Commission)
Listen to article

Manufacturers selling smart devices connected to the internet in the EU internal market will have to comply with certain cybersecurity standards under a new bill announced by the European Commission on Thursday (15 September).

Firms making digitally-connected items such as security cameras, toys, cars, fridges or even mobile apps, will face fines of up to up to €15m or 2.5 percent of their global turnover if found in breach of the new rules — but which still need the approval of EU countries and MEPs.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

The new rules come amid widespread concern over the increasing number of cyberattacks and data breaches last year when remote work and lockdowns drove up worldwide internet traffic.

With more-and-more connected devices coming onto the market, these new EU requirements aim to minimise the cybersecurity risks that such devices entail.

"As we approach this era of Internet of Things where all of us will be almost permanently interconnected with devices and appliances, this [law] becomes more urgent than ever," said commission vice-president Margaritis Schinas.

New rules could reduce up to €290bn in costs from cyber incidents affecting companies, the EU executive said.

It is estimated that every 11 seconds there is a ransomware attack targeting an organisation across the globe — a dark criminal business with an estimated cost of €20bn in 2021. Overall, cybercrime had a global cost of €5.5 trillion in 2021.

"We need to protect our digital space," EU internal market commissioner Thierry Breton said, warning that an innocuous babysitting camera can be hacked by individuals or be used for espionage by third countries.

"You're supposed to use it to look after your dog or see what your children are up to. But who knows what is then done with that data, who can use it or who can exploit it?," he added.

Under new rules, manufacturers will have to take cybersecurity into account throughout the whole supply chain, listing all cybersecurity risks in order to inform consumers.

Notification inside 24 hours

They will also have to notify the EU cybersecurity agency (ENISA — European Union Agency for Cybersecurity) about any vulnerabilities or attacks within 24 hours once they are spotted, fix the incidents and provide users with security updates at least for five years.

"We try to rebalance the responsibility towards manufacturers who must ensure that they put in the market products that are digitally secure," said Schinas.

The draft law separates products falling under the scope of the legislation into two categories: namely, a group of some 10 percent of critical products considered "high-risk" and a larger group of other products considered low-risk.

Manufacturers of high-risk products, including critical software and industrial operating systems, among a long list of examples, will have to demonstrate to national authorities whether the specified cyber requirements relating to a product have been met. Firms producing low-risks products will be only requested to carry out a self-assessment.

If companies fail to comply with the rules, national authorities would be able to ban or restrict the entrance of such products onto the EU market.

Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

Opinion

The Greek Watergate

In the European Parliament hearing into espionage against Greek politicians and reporters, the spied-upon journalists recounted their experiences — but the non-answers provided by the Greek government official were embarrassing, confrontative, and institutionally vacant.

Investigation

NSO surveillance rival operating in EU

As European Parliament hearings into hacking scandals resume this week, an investigation led by Lighthouse Reports with EUobserver, Der Spiegel, Domani and Irpimedia reveals the unreported scale of operations at a shady European surveillance outfit.

News in Brief

  1. Czechs warn joint-nationality citizens in Russia on mobilisation
  2. Greece to unveil proposal for capping EU gas prices
  3. Four dead, 29 missing, after dinghy found off Canary Islands
  4. Orbán: German €200bn shield is start of 'cannibalism in EU'
  5. Lithuania expels top Russian diplomat
  6. Poland insists on German WW2 reparations
  7. Russia halts gas supplies to Italy
  8. Bulgaria risks hung parliament after inconclusive vote

Stakeholders' Highlights

  1. The European Association for Storage of EnergyRegister for the Energy Storage Global Conference, held in Brussels on 11-13 Oct.
  2. EFBWW – EFBH – FETBBA lot more needs to be done to better protect construction workers from asbestos
  3. European Committee of the RegionsThe 20th edition of EURegionsWeek is ready to take off. Save your spot in Brussels.
  4. UNESDA - Soft Drinks EuropeCall for EU action – SMEs in the beverage industry call for fairer access to recycled material
  5. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  6. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries

Latest News

  1. Last-minute legal changes to Bosnian election law stir controversy
  2. EU wants probe into alleged Nagorno-Karabakh war crimes
  3. EU officials were warned of risk over issuing financial warning
  4. EU debates national energy plans amid calls for more coordination
  5. What Modi and Putin’s ‘unbreakable friendship’ means for the EU
  6. EU leaders have until Friday for refugee resettlement pledges
  7. Cities and regions stand with citizens and SMEs ahead of difficult winter
  8. Editor's weekly digest: A week of leaks

Join EUobserver

Support quality EU news

Join us