Regulations to strengthen the security of connected devices have come into force in the European Union.
The Cyber Resilience Act (CRA) imposes obligations on product manufacturers to provide security support to consumers, including updating software to fix security vulnerabilities. The deadline to comply with the law's main obligations is still three years away (December 11, 2027), which gives device manufacturers time to comply.
The bill was proposed a little more than two years ago to strengthen the security of devices such as smartwatches, internet-connected toys and app-controlled home appliances.
The proliferation of connected devices has raised growing concerns about increased hacking risks, with near-regular headlines about hacked baby monitors and children's toys raising questions about whether profits are being prioritized over consumer safety.
The pan-EU legislation mandates cybersecurity requirements for products with digital elements. The requirements apply throughout the product's lifecycle, from design and development through operation. Distributors and retailers also need to ensure that the products they supply or stock comply with EU regulations.
The CRA applies to connected devices (i.e. products that are used while directly or indirectly connected to another device).
Devices can display the EU's CE mark to communicate CRA compliance. Consumers in the region who are aware of the CE marking can then spend less effort ensuring they are purchasing safer products.
The EU has said the legislation will “rebalance responsibility” for cybersecurity toward manufacturers, who must ensure products with digital elements meet legal standards if they want to access the EU market.
Penalties for failure to meet CRA standards will be imposed by member state-level supervisory authorities, which will be responsible for checking compliance. However, the law states that breaches of “essential cybersecurity requirements” can result in fines of up to 2.5% of global annual turnover (or up to €15 million). Violation of other requirements may result in a fine of 2% (up to 10 million euros). Failing to respond appropriately to regulatory requests risks a fine of 1% (or 5 million euros).