EU Council Passes Cyber Resilience Act to Enhance Security Measures for Connected Devices

The EU Council passed the new Cyber Resilience Act on Wednesday, requiring manufacturers to implement robust security measures for all connected devices before they reach consumers. This new law aims to enhance cybersecurity requirements for products with digital elements like smart TVs, appliances, home cameras, doorbells, and thermostats.

The Cyber Resilience Act will cover all Internet of Things (IoT) devices and products throughout their supply chain and lifecycle, including design, development, production, and availability. Any digital product connected to a WiFi network or another smart device will fall under the new regulations.

EU lawmakers believe this law will empower consumers to choose hardware and software products with appropriate security features. Products complying with the new rules will be stamped with the CE mark, indicating they meet the EU’s safety, health, and environmental protection requirements.

Exceptions to the law include products with established regulations like medical devices, aeronautical products, and cars. The law is designed to avoid overlapping requirements from existing legislation in individual EU member states.

The regulation, proposed in September 2022, is expected to be signed by the EU Council presidents and European Parliament and published in the EU’s official journal in the coming weeks. While it becomes valid in 20 days, full implementation and enforcement may take up to three years. The Cyber Resilience Act complements the EU’s existing cybersecurity framework, including NIS directives 1 and 2, and the EU cybersecurity act.