The Cyber Resilience Act proposed by the EU specifies cybersecurity criteria for hardware and software product design, development, manufacturing, and sale, and requires manufacturers to analyze the cybersecurity risks of their products.
EU governments and the EU parliament agreed on Thursday to cybersecurity guidelines to protect laptops, fridges, mobile apps, and other internet-connected gadgets from cyber threats, following a spate of cyberattacks and ransom demands throughout the world in recent years.
The Cyber Resilience Act, proposed by the European Commission in September of last year, will apply to any items that are connected, either directly or indirectly, to another device or to a network. It specifies cybersecurity criteria for hardware and software product design, development, manufacturing, and sale.
Manufacturers will be required to analyze the cybersecurity risks of their products, provide conformity declarations, and take appropriate action to rectify vulnerabilities within the product’s estimated lifetime or for a period of at least five years.
They must be more transparent to consumers and corporate users about the security of hardware and software products, and they must disclose cyber events to national authorities. Importers and distributors will be required to ensure that their products comply with EU regulations.
“When sold in the EU, connected devices must have a basic level of cybersecurity to ensure that businesses and consumers are properly protected against cyber threats,” said Jose Luis Escriva, Spain’s minister of digital transformation.
According to the Commission, the cybersecurity standards could save corporations up to 290 billion euros ($316 billion) per year, compared to compliance costs of roughly 29 billion euros.