From laptops to refrigerators to mobile applications, the makers of internet-connected smart devices will need to assess their products’ cybersecurity risks and correct them. The “Cyber Resilience Act”, the European Commission’s bill, was announced on Thursday 15 September amid the concerns raised by the wave of cyber attacks.

The law establishes a new legislative framework for the EU and will introduce rules for placing products with digital elements on the market to ensure IT security, essential requirements for design, development and production and for management processes, and market surveillance and enforcement rules. Manufacturers will also need to report actively exploited vulnerabilities and incidents. There will be exceptions for some products, such as medical devices, aviation or automobiles, where cybersecurity requirements are already in place. Once the law is adopted, economic operators and Member States will have two years to adapt.

If they don’t, they will risk fines of up to 15 million euros or up to 2.5% of their global turnover, and national supervisors will be able to prohibit or limit the availability of a particular product on the national market. Manufacturers will need to assess cybersecurity risks and adopt appropriate procedures to resolve issues over a five-year period or throughout the expected product life cycle. Companies must notify ENISA, the EU’s cybersecurity agency, of incidents within 24 hours from the moment they become aware of problems and take steps to solve them. Importers and distributors will have to check that products comply with EU standards.

According to the European executive, companies could save up to €290 billion per year in the event of cyber incidents, against compliance costs of approximately €29 billion. According to the data highlighted by the Commission, ransomware attacks (malicious software that infects a device and restricts access to it) hit an organization every 11 seconds worldwide, and the estimated global annual cost of cybercrime reached 5.5 trillion euros in 2021. The new rules, writes the Commission, will rebalance responsibility towards producers. As a result, they will benefit consumers and citizens, ensuring better protection of their fundamental rights, such as privacy and data protection.

“The law will put responsibility in its place, that is, on those who place products on the market,” said the EU’s head of the digital sector, Margrethe Vestager. The EU’s head of industry, Thierry Breton, on the other hand, stressed the numerous devices vulnerable to hacking. “Computers, telephones, appliances, virtual assistive devices, cars, toys. Each of these hundreds of millions of connected products is a potential entry point for a cyber attack.” “Today’s Cyber Resilience Act is our response to new digital threats,” wrote the Vice President of the European Commission, Margaritis Schinas. “As we move closer to the Internet of Things, we bring security to everyone’s homes, to all businesses, to every interconnected product. Cyber security is a society issue, not an industry affair.”