The European Commission (EC) adopted new rules to enhance the cybersecurity features of wireless devices sold in the European Union (EU) to counter a growing risk of threats related to privacy data access and monetary frauds.
Manufacturers of mobile phones, tablets and wearable devices will be among those affected from the amendment to the Radio Equipment Directive which is planned to come into force in two months’ time provided there are no hurdles from the bloc’s Council and Parliament, the EC explained in a statement.
Device makers will be required to improve network resilience by adding features to avoid “harming communication networks” and prevent situations where devices are used to disrupt service functionality.
New features to safeguard personal consumer data, especially protecting children’s rights will also be made compulsory. Those might include measures to fend off unauthorised data access or transmission.
The EC will also require wireless devices to come with features which minimise the risk of fraudulent payments, such as enhanced user authentication.
After the new rules are implemented, device makers will have 30 months to bring their production into compliance.
Risks on the rise
EC Commissioner for the Internal Market Thierry Breton warned cyberthreats were evolving fast and were “increasingly complex and adaptable”.
The Commissioner argued the latest EC requirements will improve the security of a broad range of products and strengthen “our resilience against cyberthreats, in line with our digital ambitions in Europe”.
EC EVP Margrethe Vestager added. “You want your connected products to be secure. Otherwise how to rely on them for your business or private communication? We are now making new legal obligations for safeguarding cybersecurity of electronic devices.”Subscribe to our daily newsletter Back