EU cybersecurity rules for smart devices enter into force
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Google
Government & Policy
Hardware
Instagram
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Rules for boosting the security of connected devices have entered into force in the European Union.
The Cyber Resilience Act (CRA) puts obligations on product makers to provide security support to consumers, such as by updating their software to fix security vulnerabilities. Although the deadline for compliance with the main obligations of the law is still three years out — December 11, 2027 — to allow device makers time to comply.
The legislation was proposed a little over two years ago, with the goal of amping up the security of devices such as smartwatches, internet-connected toys and home appliances that can be controlled by an app.
The proliferation of connected devices has led to worries over rising hacking risks, with quasi-regular headlines about hacked baby monitors and kids toys amping up concerns that profits were being put before consumer security.
The pan-E.U. law puts mandatory cybersecurity requirements on products with digital elements. Requirements apply throughout in-scope products’ lifecycles, from design, development, and operation. Distributors and retailers must also ensure the stuff that they supply or stock abides by the EU’s rules.
The CRA applies to connected devices broadly — meaning products that connect directly or indirectly to another device or network — with exceptions in the case of products that are covered by other existing E.U. rules, such as medical devices, cars, and some open-source software.
Devices can display the E.U.’s CE mark to communicate that they are abiding by the CRA. Regional consumers should then have less leg work to ensure they are purchasing a more secure product if they look out for the CE marking.
The bloc has said it wants the law to “rebalance responsibility” for cybersecurity towards manufacturers, who must ensure products with digital elements meet the legal standards if they wish to access the E.U. market.
Penalties for failing to meet the CRA’s standards will fall to Member State-level oversight bodies, which will be responsible for compliance checks. But the law states that breaches of “essential cybersecurity requirements” can risk fines of up to 2.5% of global annual turnover (or up to €15 million if greater). Breaches of other requirements risk fines of 2% (up to €10 million). Failure to respond properly to regulatory requests risks 1% (or €5 million).
Topics
Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again
Spotify has disabled Car Thing streaming devices
OpenAI’s Sora video generator is launching for ChatGPT Pro and Plus subscribers — but not in the EU
Bluesky teases paid subscription, Bluesky+, in new mockup
OpenAI’s Sora is launching today — here are highlights from the first review
Troubled electric truckmaker Nikola offers up to $100 million in common stock
It’s a Raspberry Pi 5 in a keyboard, and it’s called the Raspberry Pi 500
Natasha is a senior reporter for TechCrunch, joining September 2012, based in Europe. She joined TC after a stint reviewing smartphones for CNET UK and, prior to that, more than five years covering business technology for silicon.com (now folded into TechRepublic), where she focused on mobile and wireless, telecoms & networking, and IT skills issues. She has also freelanced for organisations including The Guardian and the BBC. Natasha holds a First Class degree in English from Cambridge University, and an MA in journalism from Goldsmiths College, University of London.
Subscribe for the industry’s biggest tech news
Every weekday and Sunday, you can get the best of TechCrunch’s coverage.
TechCrunch's AI experts cover the latest news in the fast-moving field.
Every Monday, gets you up to speed on the latest advances in aerospace.
Startups are the core of TechCrunch, so get our best coverage delivered weekly.
By submitting your email, you agree to our Terms and Privacy Notice.
© 2024 Yahoo.
source
Sponsor:News technical sponsor
Sponsor:News AI sponsor
Sponsor: AI sponsor
Sponsor: AI sponsor
Leave a Comment