EU to announce strict cybersecurity rules for smart device makers

The European Union is set to introduce new laws which will increase the cybersecurity scrutiny on smart device makers.

The EU executive will announce its new proposal, dubbed the Cyber Resilience Act, on September 13 and it is expected to subsequently be signed into law. 

The new regulation will mean that any smart device connected to the internet – ranging from smart fridges and vacuum cleaners to TVs and smart speakers – will have to meet a higher bar of cybersecurity certification in order to be sold within the bloc.

According to documents seen by Reuters, smart device makers will have to assess the cybersecurity risks of their products and take appropriate measures to fix any problems. Upon identifying any cybersecurity issues with their products, manufacturers will have to notify EU cybersecurity agency ENISA within 24 hours and take measures to tackle the problems. 

Importers and distributors will also be required to verify that the products they are selling conform with the rules, even if their source is from outside of the EU.

The report says that companies who fail to comply with the new rules will face national security authorities who can “prohibit or restrict that product being made available on its national market, to withdraw it from that market or recall it.” 

Offending companies will also face fines up to €15 million or 2.5% of their global turnover, whichever is higher. 

The EU will hope that this new law will help to protect consumers in Europe and cut the cost of cyber incidents to companies by as much as €290 billion per year.