A committee of Members of the European Parliament (MEPs) approved a draft of new regulation designed to bolster the security of consumer devices, while outlining the next steps to develop standard requirements for connected products sold in the bloc.
In a statement, the parliament noted the Cyber Resilience Act will establish a uniform set of requirements for products with digital features and manufacturers will be required to provide details on their security properties.
Under the new regulation, consumer devices will be categorised into different lists based on “criticality” and level of cybersecurity risks. MEPs suggested an expansion of the list to include software products such as password managers, biometric readers, identity management software and smart assistants, smart watches and security cameras.
MEPs also require devices to have security updates installed automatically and separately from functional ones, while stressing the importance of talent and skills training in cybersecurity to combat cyber threats.
“Impact of cyber-attacks through digital products has increased dramatically in recent years,” the parliament claimed, with many consumers falling victim to vulnerabilities in smart home products including robot-vacuum cleaners and alarm systems.
The draft is backed by the majority of MEPs and they will now open negotiations about the proposal with the European Council.