Sunday

27th Nov 2022

Cyber-risk from Internet of Things prompts new EU rules

  • It is estimated that every 11 seconds there is a ransomware attack targeting an organisation across the globe (Photo: European Commission)
Listen to article

Manufacturers selling smart devices connected to the internet in the EU internal market will have to comply with certain cybersecurity standards under a new bill announced by the European Commission on Thursday (15 September).

Firms making digitally-connected items such as security cameras, toys, cars, fridges or even mobile apps, will face fines of up to up to €15m or 2.5 percent of their global turnover if found in breach of the new rules — but which still need the approval of EU countries and MEPs.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

The new rules come amid widespread concern over the increasing number of cyberattacks and data breaches last year when remote work and lockdowns drove up worldwide internet traffic.

With more-and-more connected devices coming onto the market, these new EU requirements aim to minimise the cybersecurity risks that such devices entail.

"As we approach this era of Internet of Things where all of us will be almost permanently interconnected with devices and appliances, this [law] becomes more urgent than ever," said commission vice-president Margaritis Schinas.

New rules could reduce up to €290bn in costs from cyber incidents affecting companies, the EU executive said.

It is estimated that every 11 seconds there is a ransomware attack targeting an organisation across the globe — a dark criminal business with an estimated cost of €20bn in 2021. Overall, cybercrime had a global cost of €5.5 trillion in 2021.

"We need to protect our digital space," EU internal market commissioner Thierry Breton said, warning that an innocuous babysitting camera can be hacked by individuals or be used for espionage by third countries.

"You're supposed to use it to look after your dog or see what your children are up to. But who knows what is then done with that data, who can use it or who can exploit it?," he added.

Under new rules, manufacturers will have to take cybersecurity into account throughout the whole supply chain, listing all cybersecurity risks in order to inform consumers.

Notification inside 24 hours

They will also have to notify the EU cybersecurity agency (ENISA — European Union Agency for Cybersecurity) about any vulnerabilities or attacks within 24 hours once they are spotted, fix the incidents and provide users with security updates at least for five years.

"We try to rebalance the responsibility towards manufacturers who must ensure that they put in the market products that are digitally secure," said Schinas.

The draft law separates products falling under the scope of the legislation into two categories: namely, a group of some 10 percent of critical products considered "high-risk" and a larger group of other products considered low-risk.

Manufacturers of high-risk products, including critical software and industrial operating systems, among a long list of examples, will have to demonstrate to national authorities whether the specified cyber requirements relating to a product have been met. Firms producing low-risks products will be only requested to carry out a self-assessment.

If companies fail to comply with the rules, national authorities would be able to ban or restrict the entrance of such products onto the EU market.

Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

Opinion

Can Europe protect its underwater cables from sabotage?

The sabotage of the Nord Stream pipelines was the first major attack on European maritime infrastructure. But while the EU Commission has a critical infrastructure directive in the works, it largely focuses on cybersecurity —not physical attacks.

Phone spying scandal exposes 'impotent' Europe, says lead MEP

Democracy in Europe is being undermined by alleged government-led spyware on citizens, journalists and politicians, says Dutch liberal MEP Sophie In't Veld, who is lead report writer for a European Parliament probe into the abuse.

News in Brief

  1. 'Pro-Kremlin group' in EU Parliament cyberattack
  2. Ukraine will decide on any peace talks, Borrell says
  3. Germany blocks sale of chip factory to Chinese subsidiary
  4. Strikes and protests over cost-of-living grip Greece, Belgium
  5. Liberal MEPs want Musk quizzed in parliament
  6. Bulgarian policeman shot dead at Turkish border
  7. 89 people allowed to disembark in Italy, aid group says
  8. UN chief tells world: Cooperate on climate or perish

Stakeholders' Highlights

  1. Nordic Council of MinistersCOP27: Food systems transformation for climate action
  2. Nordic Council of MinistersThe Nordic Region and the African Union urge the COP27 to talk about gender equality
  3. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  4. Friedrich Naumann Foundation European DialogueGender x Geopolitics: Shaping an Inclusive Foreign Security Policy for Europe
  5. Obama FoundationThe Obama Foundation Opens Applications for its Leaders Program in Europe
  6. EFBWW – EFBH – FETBBA lot more needs to be done to better protect construction workers from asbestos

Latest News

  1. Sweden says 'no' to EU asylum relocation pledges
  2. The 'proof' problem with EU sanctions — and how to fix it
  3. The EU gas cap: will the bottle ever be 'uncorked'?
  4. Enough talk, only rights can eliminate patriarchal violence
  5. Swedish EU presidency: 'Ukraine, Ukraine, Ukraine'
  6. EU Commission to keep Hungary's EU funds in limbo
  7. 'No substance' price ceiling for gas leaves everyone disgruntled
  8. Paying consumers who save most energy could tame gas prices

Stakeholders' Highlights

  1. European Committee of the RegionsRe-Watch EURegions Week 2022
  2. UNESDA - Soft Drinks EuropeCall for EU action – SMEs in the beverage industry call for fairer access to recycled material
  3. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  4. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries
  5. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  6. European Centre for Press and Media FreedomEuropean Anti-SLAPP Conference 2022

Join EUobserver

Support quality EU news

Join us