EU Agrees Cybersecurity Rules For Connected Devices

Jose Luis Escriva, Minister of Digital Transformation Spain (photo: x @joseluisescriva)

JAKARTA - EU countries together with decision makers on Thursday, November 30 approved rules to protect laptops, refrigerators, mobile apps, and smart devices connected to the internet from cyber threats. This follows a series of attacks and ransom demands in recent years around the world.

Proposed by the European Commission in September last year, the Cyber Resilience Act will apply to all products directly or indirectly connected to other devices or to the network.

The law establishes cybersecurity requirements for design, development, production, and sales of hardware and soft products.

Manufacturers must assess the cybersecurity risks of their products, provide compliance declarations, and take appropriate action to fix problems during the expected product life, or for at least five years.

They should be more transparent about the safety of hardware and software products for consumers and business users, as well as reporting cyber incidents to national authorities. Importers and distributors must verify that the product complies with EU rules.

"Linked devices require a basic level of cybersecurity when sold in the EU, ensuring that businesses and consumers are well protected against cyber threats," said Jose Luis Escriva, Spain's Minister of Digital Transformation, in a statement quoted by VOI from Reuters.

The European Commission said that this cybersecurity rule could save the company 290 billion euros (IDR 4,875 trillion) annually compared to compliance costs of around 29 billion euros.