EU Proposes Tougher Cybersecurity for ‘Internet of Things’ Products

A Few Things About The Internet Of Things

A proposed European Union bill will fine makers of “internet of things” (IOT) products if they don’t meet stringent rules aimed at cutting down on cyberattacks, the Financial Times (FT) wrote Wednesday (Sept. 7).

Companies will have to get certificates showing they’re meeting the basic requirements to minimize the risk of attacks.

Those that don’t comply will be fined up to €15 million, or 2.5% of the previous year’s global turnover, whichever is higher. The rules will also allow the European Commission to recall and ban products that aren’t complying.

A study from EU regulators found that only half of relevant companies in the IOT field have the right safeguards to protect against cyberattacks. There are around 23,000 companies making hardware, with a combined annual turnover of €285 billion, and around 370,000 software makers with a total yearly turnover of €265 billion.

Cyberattacks against these companies and products also come from previously detected breaches that makers of the products didn’t fix, the research found. So the new EU rules will make fixing those breaches a requirement.

The rules say the companies will have to inform authorities and consumers about attacks and will have to fix the problem quickly.

The EU also recently voted on other measures to cut down on the risk of cyberattacks, PYMNTS wrote.

Read more: EU Agrees on Cybersecurity Laws to Protect Financial Sector

The EU Parliament and the Council of the European Union and the European member states found an agreement on the Digital Operational Resilience Act (DORA), which sets uniform requirements for the security of network and information systems for finance companies, along with “critical” third parties providing information and communications technology services.

“The new legislation will make sure that banks, insurers and financial institutions in the European Union are better equipped to prevent, detect and resolve digital operational risks and disruptions,” said MEP Alfred Sant in a press release.

For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.