BRUSSELS (AP) – The executive arm of the European Union on Thursday proposed new legislation that would oblige manufacturers to ensure that internet-connected devices meet cybersecurity standards, making the blockade of 27 nations less vulnerable to attack.
The EU said a ransomware attack takes place every 11 seconds and the global annual cost of cybercrime is estimated at € 5.5 trillion in 2021. In Europe alone, cyber attacks cost between € 180 and 290 billion. every year, according to EU officials.
The European Commission said there was an increase in cyber attacks during the coronavirus crisis, while Russia’s war in Ukraine raised concerns that Europe’s energy infrastructure could also be targeted in the midst of an energy crisis. global.
The law, proposed to be called the Cyber Resilience Act, aims to get all products with insufficiently protected digital elements out of the EU market.
The Commission said the law will not only reduce attacks but will also benefit consumers as it improves data and privacy protection.
“When it comes to cybersecurity, Europe is only as strong as its weakest link, whether it is a vulnerable member state or an unsafe product along the supply chain,” said Thierry Breton, EU Commissioner for internal market.
“Computers, phones, appliances, virtual assistive devices, cars, toys … each of these hundreds of millions of connected products is a potential entry point for a cyber attack.”
Breton stated that most hardware and software products are currently not subject to any cybersecurity obligations.
If adopted, the regulation will require manufacturers to take cybersecurity into account in the design and development of their devices. And companies will remain responsible for their safety for the entire expected life of the products, or for a minimum of five years.
Market authorities will have the power to withdraw or retire non-compliant devices and to sanction companies that fail to comply with the rules.
The Computer and Communications Industry Association (CCIA), which represents companies in the computer, communications and internet industries, welcomed the commission’s goal of improving cyber resilience, but said the bill would not necessary.
“These cybersecurity rules should aim to eliminate bad products from the EU market, but the current … proposal would lead to innovative products piling up in waiting rooms before they can be used by Europeans,” he said Alexandre, Director of Public Policy of CCIA Europe Roure.
“Instead, the new rules should recognize globally accepted standards and facilitate cooperation with trusted business partners to avoid duplicate requirements.”