Cyber Security

Commission strengthens cybersecurity of wireless devices and products

The Commission has taken action to improve the cybersecurity of wireless devices available on the European market. As mobile phones, smart watches, fitness trackers and wireless toys are more and more present in our everyday life, cyber threats pose a growing risk for every consumer. The delegated act to the Radio Equipment Directive adopted today aims to make sure that all wireless devices are safe before being sold on the EU market. This act lays down new legal requirements for cybersecurity safeguards, which manufacturers will have to take into account in the design and production of the concerned products. It will also protect citizens' privacy and personal data, prevent the risks of monetary fraud as well as ensure better resilience of our communication networks.

A Europe Fit for the Digital Age Executive Vice President Margrethe Vestager said: “You want your connected products to be secure. Otherwise how to rely on them for your business or private communication? We are now making new legal obligations for safeguarding cybersecurity of electronic devices.”

Internal Market Commissioner Thierry Breton said: “Cyber threats evolve fast; they are increasingly complex and adaptable. With the requirements we are introducing today, we will greatly improve the security of a broad range of products, and strengthen our resilience against cyber threats, in line with our digital ambitions in Europe. This is a significant step in establishing a comprehensive set of common European Cybersecurity standards for the products (including connected objects) and services brought to our market.”

The measures proposed will cover wireless devices such as mobile phones, tablets and other products capable of communicating over the internet; toys and childcare equipment such as baby monitors; as well as a range of wearable equipment such as smart watches or fitness trackers.

The new measures will help to:

  • Improve network resilience: Wireless devices and products will have to incorporate features to avoid harming communication networks and prevent the possibility that the devices are used to disrupt website or other services functionality.
  • Better protect consumers' privacy: Wireless devices and products will need to have features to guarantee the protection of personal data. The protection of children's rights will become an essential element of this legislation. For instance, manufacturers will have to implement new measures to prevent unauthorised access or transmission of personal data.
  • Reduce the risk of monetary fraud: Wireless devices and products will have to include features to minimise the risk of fraud when making electronic payments. For example, they will need to ensure better authentication control of the user in order to avoid fraudulent payments.

The delegated act will be complemented by a Cyber Resilience Act, recently announced by President von der Leyen in the State of the Union speech, which would aim to cover more products, looking at their whole life cycle. Today's proposal as well as the upcoming Cyber Resilience Act follow up on the actions announced in the new EU Cybersecurity Strategy presented in December 2020. 

Next Steps

The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections.

Following the entry into force, manufacturers will have a transition period of 30 months to start complying with the new legal requirements. This will provide the industry with sufficient time to adapt relevant products before the new requirements become applicable, expected as of mid-2024.

The Commission will also support the manufacturers to comply with the new requirements by asking the European Standardisation Organisations to develop relevant standards. Alternatively, manufacturers will also be able to prove the conformity of their products by ensuring their assessment by relevant notified bodies.

Background

Wireless devices have become a key part of the life of citizens. They access our personal information and make use of the communication networks. The COVID-19 pandemic has dramatically increased the use of radio equipment for either professional or personal purposes.

In recent years, studies by the Commission and various national authorities identified an increasing number of wireless devices that pose cybersecurity risks. Such studies have for instance flagged the risk from toys that spy on the actions or conversations of children; unencrypted personal data stored in our devices, including data related to payments, that can be easily accessed; and even equipment that can misuse the network resources and thus reduce their capability.

More information

Questions and Answers on the Delegated Act

Delegated Act to the Radio Equipment Directive

Impact assessment report

EU Cybersecurity Strategy

Cyber Security

How the Parliament wants to boost cybersecurity in the EU (interview)

Parliament wants to better protect Europeans and businesses against growing cyber threats. Learn more in this interview with MEP Bart Groothuis.

As network and information systems become a central feature of everyday life, cybersecurity threats have expanded. They can cause financial damage and go as far as disrupting water and power supplies or hospital operations. Strong cybersecurity is crucial to protect people, to embrace the digital transformation and to fully grasp the economic, social and sustainable benefits of digitalisation.

Learn more about why cybersecurity in the EU should matter to you.

On 11 November Parliament adopted its negotiating position on the revision of the directive on the security of network and information systems. We asked Groothuis (Renew, the Netherlands), the MEP in charge of the file, to explain what the Parliament wants.

What are the most prominent cybersecurity threats?

Ransomware is by far the most significant threat. It tripled worldwide in 2020 and we see another peak coming this year. Ten years ago, ransomware targeted individuals. Someone had to pay €100 or €200 to the hacker. Nowadays, the average payment is €140,000. Not only large companies, but also small enterprises are being attacked and they have to pay because they cannot operate otherwise.

It is also the most significant threat because it is an instrument of foreign policy for rogue states.

Ransomware

  • A type of malware that infects computer systems, preventing the victim from using the system and data stored on it. The victim usually receives a blackmail note by pop-up, asking for the payment of a ransom to regain access.

How does this ransomware pandemic affect the life of a citizen or company?

We see ransomware targeting nearly everything that offers services to citizens. It might be a local municipality, a hospital, a local manufacturer.

The Parliament and Council are working on cybersecurity legislation. The goal is to better protect these entities against these hackers. EU companies that provide essential or important services will have to take cybersecurity measures and governments need to have the capabilities to help these companies and share information with them and other governments.

What does Parliament want?

Parliament wants the legislation to be ambitious. The scope should be wide, we should cover and help entities that are vital to our way of living. Europe should be a safe place to live and do business. And we should not wait: we need this new legislation fast.

Why is speed important?

In cybersecurity, you need to make sure that you are not the weakest. EU businesses are already investing 41% less than companies in the US. And the US is moving fast; Biden is creating emergency legislation and you do not want to be in a situation where Europe becomes more attractive to ransomware hackers in comparison to other parts of the world. Investments in cybersecurity need to be made now.

The second reason is that there are problems in the cybersecurity community that need to be fixed as soon as possible. Cybersecurity professionals often have GDPR concerns: can they or can they not share cybersecurity data? There should be a solid legal basis to share cybersecurity data to help prevent cyberattacks.

What challenges could the Parliament face in the negotiations?

There will be debate on the scope, on which entities should be included, and we will have to discuss the administrative impact on companies. Parliament believes that the legislation should protect companies, but it should also be practical and doable; what can we reasonably ask? Another issue is the core of the internet, the root level domain name service. The European Commission and the Council want to bring this into the scope of the rules and regulate it. I very much oppose that, because Russia and China will want to do the same and we should keep the core free and open and retain our multi-stakeholder model.

Why is it important to have common cybersecurity rules in all EU countries?

The basis of this legislation is the functioning of the internal market. It shouldn’t matter if you do business in Slovakia, Germany or the Netherlands. You want to make sure that there is a common level of cybersecurity requirements and that the country that you are in has cybersecurity infrastructure.

A high common level of cybersecurity in the EU 

Cyber Security

Security and justice in the digital world: Marking 20 years of international co-operation under the Budapest Convention on Cybercrime

Home Affairs Commissioner Ylva Johansson has delivered a video message at the opening of the Council of Europe's ‘Octopus’ conference on the fight against cybercrime. The event marks the 20th anniversary of the Budapest Convention, which lies at the heart of a global alliance against cybercrime. 66 countries are party to the Convention. It has been signed by all EU Member States. The Budapest Convention is the foundation of anti-cybercrime legislation in 80% of countries worldwide. A Second Additional Protocol to the Convention, concerning enhanced cooperation and disclosure of electronic evidence, is expected to be approved by the Council of Ministers of the Council of Europe tomorrow. Once in place, this protocol will improve access to electronic evidence, enhance mutual legal assistance and help in setting up joint investigations. The Commission negotiated the Protocol on behalf of the European Union. The conference gathers cybercrime experts from public and private sectors as well as international and non-governmental organisations from all over the world, discussing the digital security challenges ahead, including child sexual abuse and the fight against ransomware. The event will take place online. More information is available here. Commissioner Johansson's video message will be available online here.

Cyber Security

President von der Leyen announces the EU will join the Paris Call for Trust and Security in Cyberspace

Commission President Ursula von der Leyen addressed the Paris Peace Forum and announced that the European Union and its 27 member states will join the Paris Call for Trust and Security in Cyberspace, alongside the United States. The President highlighted that “citizens must feel empowered, protected and respected online, just as they are offline”. In her speech, the President drew parallels between the European Commission's initiatives and the objectives of the Paris Call, on cyber-resilience, artificial intelligence (AI) and responsibility of platforms.

Recent cyber-attacks across Europe underline the need to step up cybersecurity. That is why the Commission has proposed a revision of the Directive on the security of network and information systems and announced a Cyber Resilience Act. The Artificial Intelligence Act will help ensure that AI keeps changing lives for the better, by managing risks in sensitive sectors, like health. The president welcomed the transatlantic cooperation on defining shared principles for trustworthy AI in the EU-US Trade and Technology Council. Finally, regarding responsibility of platforms, President von der Leyen highlighted that the Digital Services Act (DSA) will provide the EU with the tools it needs to tame algorithms that spread illegal content, hate speech or disinformation, while protecting freedom of expression online. She calls for the adoption of the DSA during the French Presidency of the Council next year. You can read the full speech here and rewatch it here.
