With the “Cyber Resilience Law”, the European Commission wants to strengthen the security level of connected objects and digital products. This draft regulation is being presented this Thursday, September 15, to the European Parliament. It urges manufacturers of connected objects to raise the security level of their products from the design stage onward, to limit the possibilities of cyber attacks.
Strong economic sanctions
“By introducing cybersecurity by design, the legislation … will help protect the European economy and our collective security,” he explained. The draft regulation on cyber resilience still needs to be negotiated for several months by MEPs and Member States.
Products and software may only be marketed if they meet the security criteria. This covers all products connected directly or indirectly to another object or network. In addition, “the text introduces an obligation of transparency on the possible faults or incidents observed. Companies must document them and report on the way they are treated”.
In case of non-compliance with the rules, fines of up to 15 million euros or 2.5% of the company's turnover are foreseen. The correct application of the rules will be the responsibility of the Member States. They will designate an authority in charge of market surveillance, capable of ordering, for example, the recall or withdrawal of products. The Commission hopes to make this new legislation an international reference, beyond the single market. The annual cost of cybercrime was estimated at 5.5 billion euros worldwide in 2021, according to the European executive.
Source: BFM TV
