The European Commission will implement a new regulation on cyber resilience to strengthen the security of connected objects. This measure, which will come into force in 2024, aims to better protect users.
Connected watch, surveillance camera, voice assistant, smart thermostat, video baby monitor… There is a good chance that you have one or more of these objects in your home. And yet, even if connected objects can be very useful in everyday life, they can represent a real threat. The reason ? Like the vast majority of IT tools, they contain your personal and sometimes banking data. Which naturally arouses the desire of scammers and other people with bad intentions. To remedy this, the European Commission proposed, in September 2022, the Cyber Resilience Act, which aims to strengthen the security of products containing digital elements.
Cyber Resilience Law: User Safety First
As reported Le Figaro, the presidency of the European Commission has reached an agreement with MEPs. New rules will come into force from the start of 2024 to protect connected objects in the European Union against cyber threats. “The Cyber Resilience Act will strengthen the cybersecurity of connected products, addressing hardware and software vulnerabilities, making the EU a safer and more resilient continent”, explained Nicola Danti, MEP. Thanks to this regulation, the list of devices concerned has been extended to other connected objects but also to applications, such as identity management software, password managers, home assistants and even security cameras. private security. Manufacturers of connected objects will therefore have to provide their equipment with a secure configuration by default, but also update it free of charge.
For their part, developers, distributors and importers will have to provide support to consumers for at least five years. But that’s not all ! They will also have to be transparent about possible vulnerabilities. During negotiations, the different parties also raised a central issue of cybersecurity: the sharing of sensitive information between manufacturers, national authorities and the European agency. Indeed, European Union countries that wish to do so will be able to keep control and thus limit the information transmitted to Enisa, the European Union agency for cybersecurity. For the European Commission’s text to become law, it will have to be formally adopted by the Parliament and the Council. According to Le Figarothe Committee on Industry, Research and Energy will organize a vote at a future meeting.