(Reuters) – EU countries and EU lawmakers on Thursday approved rules to protect laptops, fridges, mobile apps and internet-connected smart devices from cyber threats after such attacks and ransom demands have been rampant in recent years around the world. But agreed.
Proposed by the European Commission in September last year, the Cyber Resilience Act would apply to all products directly or indirectly connected to another device or network.
It sets cybersecurity requirements for the design, development, production, and sale of hardware and software products.
Manufacturers must assess the cybersecurity risks of their products, provide a declaration of conformity and take appropriate action to correct problems during the expected lifetime of the product, or at least five years.
They should be more transparent on the security of hardware and software products to consumers and business users and report cyber incidents to national authorities. Importers and distributors must verify that products conform to EU regulations.
“Connected devices are required to have a basic level of cybersecurity when sold in the EU, ensuring that businesses and consumers are properly protected from cyber threats,” Spain’s Digital Transformation Minister Jose Luis Escriva said in a statement. “
The Commission has said cybersecurity rules could save companies €290 billion ($316 billion) annually against compliance costs of about €29 billion.