Cybersecurity, a European law for technological products

The European Commission he presented a proposal for a new cybersecurity law to protect consumers and businesses from products with characteristics of inadequate computer security. The law was announced by Commission President Ursula von der Leyen during the State of the Union address in 2021 and is based on the European Union strategy for cybersecurity presented in 2020. It is the first such legislation at European level. , which introduces mandatory IT security requirements for technological products.

Specifically, the proposal is to establish a new legislative framework in which they are established rules for placing on the market of technological products, in order to guarantee their safety, specific design requirements and development and standards relating to vigilance of the market. The responsibility will therefore lie with manufacturers, who will have to ensure compliance with the safety requirements of products sold on the European market. On the other hand, consumers will benefit most from it, who will be able to enjoy greater transparency on security features and better protection of fundamental rights such as privacy and data protection.

Now the question passes into hand to the European Parliament and the Council of Europe, who will have to examine the project. If the law is passed, member states will have two years to adapt to the new rules.

On the measure, Executive Vice-President for a Europe Ready for the Digital Age, Margrethe Vestager, said “We deserve to feel safe with the products we buy in the single market. Just as the CE marking guarantees us the safety of a toy or refrigerator, the Cyber ​​Resilience Law will ensure that the connected objects and software we purchase comply with strict cyber security measures.“. The vice-president for the promotion of the European lifestyle Margaritas Schinas – who defined the new measure “a cybersecurity ecosystem” that “brings security to all our homesin all our businesses and in all interconnected products“- and Internal Market Commissioner Thierry Breton reiterated that”By introducing cybersecurity by design, the cyber resilience law will help protect the European economy and our collective security“.

But there are also less enthusiastic reactions. Member of the European Parliament Patrick Breyer of the German Pirate Party defined the proposal “immature“:”Missing a clear obligation for manufacturers to immediately correct known security gaps. Manufacturers must be held accountable for self-inflicted security loopholes to make cybersecurity cost-effective“.