The European Union Officially Published the Cyber Resilience Law; Devices Connected to the Internet Must Comply With EU Standards
JAKARTA - Data protection from cyberattacks has become a serious concern for EU member countries. They now want to issue new laws and regulations to anticipate cyber attacks that are getting worse day by day.
Products connected to the internet, from laptops to refrigerators to smartphones and even mobile apps, should be assessed for cybersecurity risks under EU draft rules announced on Thursday, September 15, amid concerns about a spate of cyber attacks.
Companies face a fine of 15 million euros (IDR 223.6 billion) or up to 2.5% of their total global turnover if they fail to comply with the law proposed by the European Commission, known as the Cyber Resilience Act. The Cyber Resilience Act will require manufacturers to fix any issues identified.
Companies can save as much as 290 billion euros (IDR 4,311 trillion) per year in cyber-related costs, versus compliance costs of around 29 billion euros (IDR 431.1 trillion), EU executives said.
A series of hacking incidents in recent years that damaged businesses and demanded large ransoms has raised concerns about vulnerabilities in operating systems, network equipment and software.
"It (the law) will place the responsibility in place, with those placing the product in the market," EU digital head Margrethe Vestager said in a statement.
Manufacturers should assess the cybersecurity risks of their products and take appropriate action to fix problems over a period of five years or during the expected product life.
Companies must notify the EU cybersecurity agency, ENISA, of any incident within 24 hours of becoming aware of it, and take action to resolve it. Importers and distributors must also verify that the product is in accordance with EU rules.
The Computer & Communications Industry Association (CCIA Europe) warned that bureaucracy arising from the approval process could hamper the launch of new technologies and services in Europe.
"On the other hand, new rules must recognize globally accepted standards and facilitate cooperation with trusted trading partners to avoid duplicate requirements," said Director of Public Policy, Alexandre Roure.
If companies do not comply with EU rules, national surveillance authorities can ban or limit products from being available in their national markets.
The draft rules need to be approved by EU countries and EU lawmakers before they can become law.