EU to introduce strict IoT security regulation
The EU is set to introduce a law that would require smart devices to follow strict cyber security rules, on threat of a device ban.
Internet of Things (IoT) devices such as smart home controls or fitness trackers are becoming increasingly ubiquitous, making life more convenient while also increasing the number of vectors through which threat actors can commit cyber crime.
The proposal, which Reuters reports is titled the Cyber Resilience Act, will be formally put forward on 13 September. Once law, smart device manufacturers will be required to review the risk profiles of their products and fix any discovered vulnerabilities.
In the event of a problem or threat being discovered, the law will also require companies to notify the European Union Agency for Cybersecurity (ENISA) within 24 hours.
Companies that fail to abide by the provisions laid out in the legislation will face serious consequences: the proposed upper limit for fines is the higher of €15 million or 2.5% of global turnover. Products considered to violate the law could also be banned from sale in the EU altogether.
Researchers have long been concerned over the security risk posed by IoT devices. In 2021, Kaspersky researchers reported that over 1.5 billion attacks had been made against such devices in just the first six months of the year, a more than 100% increase from the same period in the previous year.
In the proposal paper seen by Reuters, lawmakers argue that the introduction of the Cyber Resilience Act could cost companies as much as €29 billion per year – but that this would save an estimated €290 billion in annual damages.
Security firms specialising in smart device assessment could also see a major boost as a result of the law. In March, Meticulous Market Research predicted that the IoT security market would hit $59 billion by 2029.
Ⓒ Future Publishing