The EC is preparing new rules for cyber security
According to the draft, manufacturers will have to take responsibility for product safety throughout the entire life cycle. Thierry Breton, Commissioner for the Internal Market, pointed out that many hardware and software products are not subject to any security requirements. “When it comes to cyber security, Europe is only as strong as its weakest link, whether it’s a vulnerable member state or an insecure product along the supply chain.” Breton noted that any unprotected device, from computers and smartphones to toys and cars, is a potential entry point for a cyberattack.
Penalties for breaching the new rules will be severe, with fines for the most serious breaches up to €15 million or 2.5% of global annual revenue, whichever is greater. Companies could also be fined up to €10m or 2% of revenue for less serious offences, while those providing inaccurate, incomplete or misleading information could face fines of up to €5m or 1% of revenue. The European Parliament and the Council will now examine the draft. After adoption, companies and member states will have two years to adapt to the new requirements.