Man
Professional
- Messages
- 3,223
- Reaction score
- 915
- Points
- 113
New security standards for IoT devices are being introduced in the EU.
The EU Council has adopted the Cyber Resilience Act (CRA) with cybersecurity requirements for products with digital elements. The purpose of the law is to ensure that connected cameras, refrigerators, televisions and toys enter the market with an appropriate level of security.
The new act aims to address existing gaps and make cybersecurity legislation more coherent, ensuring that products with digital components are protected throughout their lifecycle.
The law introduces pan-European requirements for cybersecurity at all stages of development, production and market launch of both hardware and software products. This will help to avoid contradictions between the various legislative acts in force in the EU countries. In particular, the software and hardware will be CE marked, which indicates compliance with high standards of safety, health and environmental protection.
The new rules will apply to all products connected to another device or network, with the exception of those for which cybersecurity requirements are already in place, such as medical devices, automobiles and aeronautics equipment. The adopted law will also make it easier for consumers to choose products with digital elements, allowing them to take into account the level of their cybersecurity.
The law will enter into force 20 days after publication in the Official Journal of the EU, and its provisions will come into force 36 months later. Some requirements will apply earlier.
Despite attempts to improve security, ACR can also harm open-source developers and increase the risk of vulnerability disclosure. Many organizations and individuals have already expressed concerns about CRA. In addition, leading cybersecurity experts have warned of the potential abuse of the CRA for intelligence or surveillance purposes.
Source
The EU Council has adopted the Cyber Resilience Act (CRA) with cybersecurity requirements for products with digital elements. The purpose of the law is to ensure that connected cameras, refrigerators, televisions and toys enter the market with an appropriate level of security.
The new act aims to address existing gaps and make cybersecurity legislation more coherent, ensuring that products with digital components are protected throughout their lifecycle.
The law introduces pan-European requirements for cybersecurity at all stages of development, production and market launch of both hardware and software products. This will help to avoid contradictions between the various legislative acts in force in the EU countries. In particular, the software and hardware will be CE marked, which indicates compliance with high standards of safety, health and environmental protection.
The new rules will apply to all products connected to another device or network, with the exception of those for which cybersecurity requirements are already in place, such as medical devices, automobiles and aeronautics equipment. The adopted law will also make it easier for consumers to choose products with digital elements, allowing them to take into account the level of their cybersecurity.
The law will enter into force 20 days after publication in the Official Journal of the EU, and its provisions will come into force 36 months later. Some requirements will apply earlier.
Despite attempts to improve security, ACR can also harm open-source developers and increase the risk of vulnerability disclosure. Many organizations and individuals have already expressed concerns about CRA. In addition, leading cybersecurity experts have warned of the potential abuse of the CRA for intelligence or surveillance purposes.
Source
