The executive branch of the European Union on Thursday proposed new laws that would compel manufacturers to guarantee that internet-connected devices adhere to cybersecurity rules, making the 27-nation bloc less susceptible to assaults.
According to the EU, a malware attack occurs every 11 seconds, with the cost of cybercrime worldwide expected to reach 5.5 trillion euros in 2021. According to EU officials, cyberattacks cost the continent of Europe alone anywhere between 180 and 290 billion euros annually.
The European Commission claimed that the coronavirus epidemic saw an upsurge in cyberattacks. Russia’s conflict in Ukraine has sparked worries that European energy infrastructure may also be targeted amid a worldwide energy shortage.
The Cyber Resilience Act, as it has been proposed, aims to ban from the EU market all items with digital components that are not sufficiently safeguarded.
According to the EU’s executive commission, the rule will not only lessen attacks but also benefit consumers by enhancing data and privacy protection.
Thierry Breton, the EU commissioner for the internal market, stated that when it comes to cybersecurity, “Europe is just as strong as its weakest link, be it a susceptible member state or a dangerous product along the supply chain.”
“Every one of these hundreds of millions of connected objects, including computers, phones, home appliances, virtual assistant technology, autos, and toys, is a possible entry point for a cyberattack.”
The EU is working on several fronts to encourage cyber resilience, combat cybercrime, and strengthen cyber diplomacy and defense.
Digital technologies are now increasingly necessary for the operation of key industries like finance, energy, transportation, and health. Even though digitalization opens up a world of possibilities and addresses many of the problems that Europe is currently experiencing, including the COVID-19 crisis, it also puts the economy and society at risk from online threats.
The frequency and sophistication of cyberattacks and cybercrime are rising throughout Europe. Given that 22.3 billion devices are anticipated to be connected to the Internet of Things by 2024, this tendency is predicted to continue.
Greater public trust in digital tools and services could result from a more aggressive cybersecurity response to create an open and secure cyberspace.
EU leaders advocated for strengthening the EU’s capacity to:
- Protect itself against online dangers.
- Create a safe communication environment, especially with quantum encryption.
- Ensure that information is accessible for judicial and law enforcement use.
A new EU cybersecurity strategy was unveiled in December 2020 by the European Commission and the European External Action Service (EEAS). This policy aims to make Europe more resilient to cyber threats and ensure that all individuals and organizations can fully benefit from dependable and trustworthy services and digital technologies. The new approach includes specific recommendations for using policy, investment, and regulatory instruments.
The Council issued conclusions on the cybersecurity policy on March 22, 2021, emphasizing the importance of cybersecurity in creating a resilient, environmentally friendly, and technologically advanced Europe. Achieving strategic autonomy while maintaining an open economy was a top priority for EU ministers. Increasing the EU’s strategic and leadership positions in the digital sphere includes enhancing its capacity to make independent cybersecurity decisions.
To address present and potential online and offline vulnerabilities, the EU is also working on two legislative proposals:
- a revised directive to enhance network and information system security
- a new directive on critical entity resilience
Benefit of Regulations
According to Breton, most hardware and software products are not currently bound by cybersecurity requirements.
If the rule were to be enacted, producers would have to consider cybersecurity while creating new products. Companies would be liable for the security of products for the duration of their anticipated lifetime, or at least five years.
Market regulators will be able to penalize businesses that do not follow the standards and withdraw or recall non-compliant devices.
The Computer and Communications Industry Association (CCIA), which represents companies in the computer, communications, and internet sectors, supported the commission’s purpose of increasing cyber resilience. Still, it felt that the draft law would add unneeded requirements.
According to CCIA Europe Public Policy Director Alexandre Roure, “These cybersecurity standards should work to weed out defective products from the EU market, but the current… proposal would lead to the accumulation of innovative items in waiting rooms before Europeans can utilize them.”
To prevent duplicative requirements, the new laws should instead respect internationally recognized norms and encourage collaboration with reputable trading partners.