The EU adopted a new law that requires manufacturers of IoT devices to implement strong security measures

The EU adopted a new law that requires manufacturers of IoT devices to implement strong security measures

marry 11.10.2024, 12:30 PM

The Council of the European Union officially adopted the Cyber ​​Resilience Act (CRA) this week, which requires manufacturers to implement robust security measures for all products with digital elements before they reach the hands of consumers.

From smart doorbells and speakers to baby monitors, the new law will apply to any product that is directly or indirectly connected to another smart device or Wi-Fi network.

The new law aims to fill gaps, clarify links and make the existing legislative framework for cyber security more coherent, ensuring that products with digital components, for example IoT devices, are secure throughout the supply chain and throughout their life cycle.

The requirements of the CRA will apply to the design, development, production and placing on the market of hardware and software products, in order to avoid overlapping requirements arising from different legal regulations in EU member states.

EU lawmakers said the law would finally give consumers the power to choose hardware and software products with the right security features to meet their needs.

Software and hardware products will carry the CE mark (Conformite Europeenne or European Compliance), which indicates that they comply with CRA requirements. CE is already used on many products sold in the European Economic Area (EEA) and it means that the products meet the high requirements in terms of safety, health and environmental protection according to the current legislation.

Exempted from the CRA requirements will be devices for which cybersecurity requirements are already set out in other existing EU legislation, and such products include medical devices, aerospace products and automobiles.

It is expected that the new law, which is first proposed in September 2022signed by the presidents of the EU Council and the European Parliament, and then it will be published in the official EU gazette in the next few weeks.

The law takes effect in 20 days, although it is expected to take up to three years to be fully implemented.

Photo: eberhard grossgasteiger | Pexels

Source: www.informacija.rs