Draft EU rules target smart devices with cybersecurity risks
(Reuters) — Smart devices connected to the internet such as refrigerators and televisions will have to comply with tough European Union cybersecurity rules or risk being fined or banned from the bloc, according to a European Commission document seen by Reuters on Thursday.
Concerns about cybersecurity attacks have mounted in recent years following high-profile incidents of hackers damaging businesses and demanding huge ransoms.
The EU executive will announce its proposal known as the Cyber Resilience Act on Sept. 13. It is likely to become law following input from EU countries.
Manufacturers will have to assess the cybersecurity risks of their products and take appropriate steps to fix problems, the document said.
The companies will have to notify EU cybersecurity agency ENISA of incidents within 24 hours once they are aware of issues and take measures to tackle the problems.
Importers and distributors will be required to verify that products conform with EU rules.
If companies do not comply, national surveillance authorities can “prohibit or restrict that product being made available on its national market, to withdraw it from that market or recall it,” the paper said.
Flouting the rules can cost companies fines of as much as €15 million or up to 2.5% of their total global turnover, whichever is higher, with lower fines for less serious breaches.
