“Connected devices need a basic level of cybersecurity when sold in the EU, ensuring that businesses and consumers are properly protected against cyber threats,” said José Luis Escrivá, Spanish minister of digital transformation, in a statement.
The new law is a cornerstone of a wider EU strategy to respond to the myriad of cyber threats facing European governments, industry and citizens.
The legislation will force manufacturers within 24 hours to report “any actively exploited” vulnerabilities — for which a fix hasn’t been found — to the EU’s cybersecurity agency (ENISA) as well as national Computer Incident Response Teams (CSIRTS). It will also require them to support the security of a product throughout its lifetime or for at least five years — or else face fines.
The law also makes a point of allowing national regulators to consider “non-technical risk factors” when determining the significance of a cybersecurity risk. “Dependencies on high-risk suppliers of products with digital elements may pose a strategic risk that needs to be addressed at Union level, especially when the products with digital elements are intended for the use by essential entities,” the text reads. That could open the door to new EU policies restricting the use of technologies originating in China and other authoritarian countries.
In a last-minute change, lawmakers scrapped plans to create an “expert group” of industry, civil society and academia representatives to evaluate digital products. Instead, the Commission will consult groups while the regulation is implemented.
Representatives of the Commission, the Parliament and the Council agreed on the details of the text during late-night talks in Brussels.
“It is important that we increase the protection of EU citizens and businesses,” said Morten Løkkegaard, a Danish liberal MEP who followed the bill closely, ahead of the final negotiations.
The text needs to be formally signed off by the European Parliament plenary meeting and national governments at the EU Council. Industry and governments will have three years to adapt to the new requirements, which will start applying early 2027.
if ( document.referrer.indexOf( document.domain ) < 0 ) {
pl_facebook_pixel_args.referrer = document.referrer;
}!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,'script',
'https://connect.facebook.net/en_US/fbevents.js');fbq( 'consent', 'revoke' );
fbq( 'init', "394368290733607" );
fbq( 'track', 'PageView', pl_facebook_pixel_args );if ( typeof window.__tcfapi !== 'undefined' ) {
window.__tcfapi( 'addEventListener', 2, function( tcData, listenerSuccess ) {
if ( listenerSuccess ) {
if ( tcData.eventStatus === 'useractioncomplete' || tcData.eventStatus === 'tcloaded' ) {__tcfapi( 'getCustomVendorConsents', 2, function( vendorConsents, success ) {
if ( ! vendorConsents.hasOwnProperty( 'consentedPurposes' ) ) {
return;
}const consents = vendorConsents.consentedPurposes.filter(
function( vendorConsents ) {
return 'Create profiles for personalised advertising' === vendorConsents.name;
}
);if ( consents.length === 1 ) {
fbq( 'consent', 'grant' );
}
} );
}
}
});
}
Source link
EU strikes deal on cyber law for internet-connected products – POLITICO #strikes #deal #cyber #law #internetconnected #products #POLITICO
Source link Google News
Source Link: https://www.politico.eu/article/eu-strikes-deal-cyber-resilience-act-cra-law-internet-connected-products/
