FEATURE
People are more aware of the threats posed by COVIDrelated cyberattacks and are taking steps to secure their home working environment .
greatly improve the security of a broad range of products and strengthen our resilience against cyberthreats , in line with our digital ambitions in Europe .
“ This is a significant step in establishing a comprehensive set of common European cybersecurity standards for the products ( including connected objects ) and services brought to our market .”
The measures proposed will cover wireless devices such as mobile phones , tablets and other products capable of communicating over the Internet ; toys and childcare equipment such as baby monitors ; as well as a range of wearable equipment such as smart watches or fitness trackers .
The new measures will help to :
• Improve network resilience : Wireless devices and products will have to incorporate features to avoid harming communication networks and prevent the possibility that the devices are used to disrupt website or other services functionality .
• Better protect consumers ’ privacy : Wireless devices and products will need to have features to guarantee the protection of personal data . The protection of children ’ s rights will become an essential element of this legislation . For instance , manufacturers will have to implement new measures to prevent unauthorised access or transmission of personal data .
• Reduce the risk of monetary fraud : Wireless devices and products will have to include features to minimise the risk of fraud when making electronic payments . For example , they will need to ensure better authentication control of the user in order to avoid fraudulent payments .
The delegated act will be complemented by a Cyber Resilience Act , recently announced by President von der Leyen in the State of the Union speech , which would aim to cover more products , looking at their whole life cycle .
This proposal , as well as the upcoming Cyber Resilience Act , follow up on the actions announced in the new EU Cybersecurity Strategy presented in December 2020 .
Next steps
The delegated act will come into force following a two-month scrutiny period , should the council and Parliament not raise any objections .
Following the entry into force , manufacturers will have a transition period of 30 months to start complying with the new legal requirements . This will provide the industry with sufficient time to adapt relevant products before the
new requirements become applicable , expected as of mid-2024 .
The Commission will also support the manufacturers to comply with the new requirements by asking the European Standardisation Organisations to develop relevant standards . Alternatively , manufacturers will also be able to prove the conformity of their products by ensuring their assessment by relevant notified bodies .
Background
Wireless devices have become a key part of the life of citizens . They access our personal information and make use of the communication networks . The COVID-19 pandemic has dramatically increased the use of radio equipment for either professional or personal purposes . In recent years , studies by the Commission and various national authorities identified an increasing number of wireless devices that pose cybersecurity risks .
Such studies have for instance flagged the risk from toys that spy the actions or conversations of children ; unencrypted personal data stored in our devices , including those related with payments , that can be easily accessed ; and even equipment that can misuse the network resources and thus reduce their capability . u
50 www . intelligentciso . com