September 27, 2022
The European Commission is proposing the EU Cyber Resilience Act, a set of regulations that would redefine the rules surrounding cybersecurity and lead to more secure hardware and software products for end users.In reality, many devices in customers’ hands right now don’t offer the necessary security or manufacturer support for the long run. Consumers are…

The European Commission is proposing the EU Cyber Resilience Act, a set of regulations that would redefine the rules surrounding cybersecurity and lead to more secure hardware and software products for end users.

In reality, many devices in customers’ hands right now don’t offer the necessary security or manufacturer support for the long run. Consumers are inundated with subpar devices rushed through development without security considerations, with the sole purpose of being first on the market.

One way to ensure user safety is to enforce regulations that prompt manufacturers to build products with cybersecurity in mind.

“The current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs,” explained the EU in the proposal.

“We deserve to feel safe with the products we buy in the single market. Just as we can trust a toy or a fridge with a CE marking, the Cyber Resilience Act will ensure the connected objects and software we buy comply with strong cybersecurity safeguards,” said Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age. “It will put the responsibility where it belongs, with those that place the products on the market.”

Manufacturers will have to ensure that hardware and software products arrive on the EU market with fewer vulnerabilities and they’ll have to fix newly discovered vulnerabilities as quickly as possible. Companies will also have to provide adequate support for their devices and offer consumers more information on cybersecurity before they purchase a product.

The EU Cyber Resilience Act should result in more transparency regarding cybersecurity and the support users can expect from hardware and software manufacturers. The European Parliament and the Council still need to examine the draft. Once adopted, companies will have two years to adapt to the new regulations if they want to sell their products in the European market.

Source