Published by Uma Rajagopal
Posted on September 15, 2022
2 min readLast updated: February 4, 2026
Add as preferred source on Google
By Foo Yun Chee
BRUSSELS (Reuters) – From laptops to fridges to mobile apps, smart devices connected to the internet will have to assess their cybersecurity risks and fix them under draft European Union rules announced on Thursday, amid concerns about a spate of cyber attacks.
Companies face fines of as much as 15 million euros ($15 million) or up to 2.5% of their total global turnover if they fail to do so under the European Commission’s proposed law known as the Cyber Resilience Act.
Companies could save as much as 290 billion euros annually in cyber incidents versus compliance costs of about 29 billion euros, the EU executive said.
A series of high-profile incidents of hackers damaging businesses and demanding huge ransoms in recent years have heightened concerns about vulnerabilities in operating systems, network equipment and software.
“It (the Act) will put the responsibility where it belongs, with those that place the products on the market,” EU digital chief Margrethe Vestager said in a statement.
EU industry chief Thierry Breton pointed to numerous devices that are vulnerable to hacking.
“Computers, phones, household appliances, virtual assistance devices, cars, toys… each and every one of these hundreds of million connected products is a potential entry point for a cyberattack,” he said.
Manufacturers will have to assess the cybersecurity risks of their products and take appropriate procedures to fix problems for a period of five years or during the expected lifetime of the product.
The companies will have to notify EU cybersecurity agency ENISA of incidents within 24 hours once they are aware of issues, and take measures to resolve them.
Importers and distributors will be required to verify that products conform with EU rules.
If companies do not comply, national surveillance authorities can prohibit or restrict a given product from being made available on its national market.
The draft rules will need to be agreed with EU countries and EU lawmakers before they can become law.
($1 = 1.0013 euros)
(Reporting by Foo Yun Chee; editing by Philip Blenkinsop)
Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks. These attacks typically aim to access, change, or destroy sensitive information.
Compliance in finance involves adhering to laws, regulations, and guidelines that govern financial practices. It ensures that companies operate within legal frameworks and maintain ethical standards.
The European Commission is the executive branch of the European Union responsible for proposing legislation, implementing decisions, and upholding EU treaties. It plays a key role in shaping EU policies.
Smart devices are electronic devices that connect to the internet and can collect, send, or receive data. Examples include smartphones, smart home appliances, and wearable technology.
A cyber attack is an attempt to damage, disrupt, or gain unauthorized access to computer systems, networks, or devices. These attacks can lead to data breaches and financial losses.
Explore more articles in the Technology category
