The European Union Cyber Resilience Law Regulates Until TV And Ice Economy, Indonesia's Far Disadvantaged
JAKARTA The threat of cyber attacks that continues to increase from year to year has made a number of governments continue to increase their vigilance. Now it's not just computers, gadgets or smartphones that need to be increased in security.
Smart devices connected to the internet such as refrigerators and TV must also comply with the strict EU cybersecurity rules. They are at risk of being fined or banned from the bloc. This is stated in a European Commission document submitted by Reuters on Thursday, September 8.
Concerns about cybersecurity attacks have escalated in recent years following incidents of hackers damaging businesses and demanding large ransoms, commonly known as ransomware.
EU executives will announce their proposals known as the Cyber Resilience Act on September 13. This possibility will become law after input from EU countries.
The regulation can cut the cost of cyber incidents for companies by 290 billion euros per year versus compliance costs by around 29 billion euros, the newspaper said.
The draft law states that manufacturers should assess the cybersecurity risks of their respective products and take appropriate procedures to fix problems.
The company must also notify EU ENISA cybersecurity agencies about the incident within 24 hours of their knowledge of the matter, and take immediate action to address the issue.
Even importers and distributors of electronic products will be required to verify that the imported products are in accordance with EU rules.
If the company does not comply, the national surveillance authority could "prohibit or limit the product available in its national market, or withdraw it from the market or withdraw it back.
Violating these rules can also be subject to a company fine of 15 million euros (Rp 224 million) or up to 2.5% of their total global turnover, which is higher, with lower fines for less serious violations.
Meanwhile, in Indonesia, the law on cyber itself does not exist yet. It has not even been proposed. So far, cyber issues in Indonesia have only been regulated according to Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions (UU 19/2016).
However, the ITE Law also does not provide a definition of cybercrimes, but divides them into several groupings referring to the Convention on Cybercrimes.
Now the DPR and the Government have agreed to bring the Draft Law (RUU) on Personal Data Protection (PDP) to a level II discussion in the DPR Plenary Meeting to be ratified into law.
Indonesia itself already has the National Cyber and Crypto Agency (BSSN) whose formation is only based on PERPRES No. 133 of 2017 concerning Amendments to Presidential Regulation Number 53 of 2017 concerning the National Cyber and Crypto Agency.
If you want to be more serious about dealing with cyber attack issues that result in data leakage, then the Indonesian government should start making more serious laws on cyber. It's not enough just the ITE Law or even the PDP Bill.