EU Policy. Commission to work on standards for high-risk IoT products under cyber rules

EU Commissioner Thierry Breton discussing the security risks related to IoT products. Copyright Aurore Martignoni/CCE
By Cynthia Kroet

Products that are considered high-risk will have priority, an EU official said today.

The European Commission will work on cybersecurity standardisation requests for high-risk connected products as soon as the Cyber Resilience Act (CRA) is fully adopted, a commission official said today (21 March).

“We have already one request out for consultation and we will send out the official one [to standardisation bodies] as soon as the CRA is approved,” Christiane Kirketerp de Viron, head of DG Connect's cybersecurity and digital privacy policy unit, said at an event organised by the Cybersecurity Coalition.

Proposed by the commission in 2022, the CRA aims to ensure that items with digital features, including everyday Internet-of-things products like connected doorbells and baby monitors as well as industrial machinery, are secure to use, resilient against cyber threats and provide enough information about their security properties.

So-called critical products will be examined more stringently by an oversight body, while lower-risk products are managed internally by manufacturers.

“We need to be smart in the requests, we will not be able to have standards for everything that the CRA covers straight away. We need to prioritise and look first at those that give conformity to the critical products,” she added.

The EU executive will host a standards-related workshop with member states tomorrow (22 March).

The CRA was approved in the European Parliament earlier this month (12 March) after a political deal late last year and is now awaiting formal adoption by the EU member states, before it will enter into force.

In addition to standards, the commission will also prepare implementing acts and delegated acts - secondary legislation - this year, as well as issue guidelines to companies.

Under the rules, producers of IoT devices can only launch products on the EU market if they know the products do not have any significant vulnerabilities that can be hacked. Whenever they become aware of incidents or hacks, they will have to report this to the relevant authorities.
