The European Commission (EC) has opened consultations for a new Cyber Resilience Act aimed at upping the security of internet-connected devices. It proposes manufacturers be responsible for the security of their products throughout their lifecycle.

“Just as we can trust a toy or a fridge with a CE marking, the Cyber Resilience Act will ensure the connected objects and software we buy comply with strong cybersecurity safeguards […] It will put the responsibility where it belongs, with those that place the products on the market,” said Margrethe Vestager, executive vice-president for the Digital Age.

The act lays out rules for manufacturers wanting to market their products in Europe, with a list of requirements relating to their design, development and production. It also sets out essential requirements for vulnerability handling processes, requiring manufacturers to report actively exploited vulnerabilities and incidents, as well as providing security support and software updates to address identified vulnerabilities throughout a product’s lifecycle.

The act will cover ‘products with digital elements’ – in other words, all products that are connected either directly or indirectly to another device or network.

Potential fines for security protection failures will reach up to €15 million, or 2.5 per cent of worldwide turnover, whichever is higher.

Other posts by :

1. Eutelsat shareholders reach agreement at AGM
2. Ghana makes MultiChoice fee decision
3. SES announces €0.25c dividend
4. Russia “blinding and destroying” German satellites
5. Bank: AST, Starlink, Kuiper targeting $200bn market
6. Rivada: Is no news good news?
7. SES celebrates Intelsat acquisition
8. Pakistan halts broadband direct-from satellite
9. India stymies Starlink launch

Categories: Articles, Policy, Regulation

Tags: cybersecurity, European Commission