BRUSSELS: The European Commission (EC) has enforced a proposal for Cyber Resilience Act (CRA), a new European Union law targetting at safeguarding cyber security in connected devices and software sold on the single market.
Margrethe Vestager, executive vice president of the European Commission for a Europe fit for the digital age, said on Thursday that "the Cyber Resilience Act will ensure that the connected products and software we buy comply with rigorous cybersecurity measures."
"Every single one of these hundreds of millions of linked objects, including computers, phones, household appliances, virtual assistants, cars, and toys, is a possible point of entry for a cyberattack. However, the majority of today's hardware and software goods are not constrained by any cyber security requirements "Thierry Breton, the internal market commissioner for Europe, gave an explanation.
The new law will address three areas of action to ensure the safety of users based on the idea of "security by design": cyber security will become mandatory; the manufacturer will be held accountable for the cyber security of their product throughout its life cycle; and consumers will be better informed about these factors while choosing a product with digital elements.
90 percent of items will be subject to self-evaluation by producers. These consist of word processing, smart speakers, hard drives, and games in addition to photo editing.
A third party will evaluate the remaining 10 percent, which includes crucial products like password managers, firewalls, operating systems, microcontrollers, and industrial firewalls.
According to Breton, the CRA will be implemented through a series of incremental actions. The product will either be recalled or permanently withdrawn once the Commission requests that the producer complies with the CRA, after which a punishment equal to 2 to 5 percent of the company's annual global revenue will be imposed.
The European Parliament and the Council will now review the Commission's proposal for the CRA. If the regulation is approved, it will take two years for firms and EU members to implement it into national law.
EU lawmakers welcome the ban on forced labour but promise to make it stronger
EU will propose a ban on products made using forced labour
