The European Union is taking new steps that would improve the cybersecurity of IoT devices sold on the European market, which should offer end-users a safer online environment when those devices come online.
One of the most significant problems facing IoT security is the lack of regulations. The IoT ecosystem is a free-for-all with hardware ranging from highly secure devices to gadgets that don’t bother with security. The good news is that the IoT industry is changing, and many governments have started to force manufacturers to be more security-conscious.
The delegated act to the Radio Equipment Directive adopted by the European Commission is designed to ensure that all wireless devices are safe before being sold on the EU market.
“This act lays down new legal requirements for cybersecurity safeguards, which manufacturers will have to take into account in the design and production of the concerned products,” said the Commission in a press release. “It will also protect citizens’ privacy and personal data, prevent the risks of monetary fraud as well as ensure better resilience of our communication networks.”
The new measures should cover pretty much all consumer-grade IoT devices, including mobile phones, tablets, toys and childcare equipment such as baby monitors, as well as a range of wearable equipment like smartwatches or fitness trackers. The new measures have three clear goals:
· Improve network resilience: Wireless devices and products will have to incorporate features to avoid harming communication networks and prevent devices from being used to disrupt the functionality of websites or other services.
· Better protect consumers’ privacy: Wireless devices and products will need features that guarantee the protection of personal data. The protection of children’s rights will become an essential element. For instance, manufacturers will have to implement new measures to prevent unauthorized access or transmission of personal data.
· Reduce the risk of monetary fraud: Wireless devices and products will need features to minimize the risk of fraud when making electronic payments. For example, they will have to ensure better authentication control of the user to avoid fraudulent payments.
The new measures won’t be enforced immediately, as manufacturers will have a transition period of 30 months to comply with the latest legal requirements. This means that, if the new legislation is not delayed, we should see the first effects starting in mid-2024.