On Thursday, September 15, the Commission proposed a new legislative act on cyber security at the EU level. Manufacturers will have stricter liability obligations, requiring them to provide security support and software updates to address discovered vulnerabilities.


The legislation, announced by European Commission President Ursula von der Leyen in September 2021, includes stricter obligations for digital equipment manufacturers and better information for consumers about the cybersecurity of the products they buy and use.

  • “Every 11 seconds, somewhere in the world, an organization becomes the target of ransomware attacks. It is estimated that in 2021 the annual cost of cybercrime will reach €5.5 trillion worldwide. In this environment, it is more important than ever to ensure a high level of cyber security and reduce the vulnerability of digital products, which is one of the main ways that attacks can be successful,” says the European Commission.

Ransomware is malicious software (malware) that blocks access to files, or even to the entire infected computer system, until a “reward” (ransom) is paid.

The measures proposed today will establish:

  • (a) rules on the placing on the market of products with digital components designed to ensure the cyber security of those products;
  • (b) basic requirements for the design, development and production of products with digital components and the obligations of business entities regarding these products;
  • (c) the essential requirements for the vulnerability management processes implemented by manufacturers to ensure the cybersecurity of products with digital components throughout the entire life cycle, as well as the obligations of economic operators in relation to these processes. Manufacturers will also be required to report actively exploited vulnerabilities and incidents;
  • (d) market monitoring and enforcement.

The proposed regulation would apply to all products that are directly or indirectly connected to another device or network. A number of exemptions are provided for products that are already subject to cybersecurity requirements set out in existing EU regulations, such as medical devices, aircraft or cars.

Next steps

Now it is the turn of the European Parliament and the Council to consider the draft law on cyber resilience. After its adoption, economic entities and member states will have two years to adapt to the new requirements.

An exception to this rule will be the obligation for manufacturers to report actively exploited vulnerabilities and incidents, which will apply already one year after the effective date, because this obligation requires less organizational change than the other new obligations.

The Commission will regularly review the European Cybersecurity Act and report on its functioning.