Siemens, Ericsson warn against EU cyber security rules


Siemens, Ericsson and Schneider Electric, along with industry group DigitalEurope, warned that onerous proposed EU rules targeting cyber security risks of smart devices could disrupt supply chains on a scale similar to that seen during the pandemic.



Proposed by the European Commission last year, the Cyber Resilience Act requires manufacturers to assess the cyber security risks of their products and take measures to fix problems for a period of five years or through the expected lifetime of the products.

The proposed rules would also apply to importers and distributors of internet-connected devices. Cyber security worries have spiked following a series of high-profile incidents of hackers damaging businesses and demanding huge ransoms.

“The law as it stands risks creating bottlenecks that will disrupt the single market,” the chief executives of the companies wrote in a joint letter to European Union industry chief Thierry Breton and EU digital chief Vera Jourova.

They said disruptions could hit millions of products, ranging from washing machines to toys, cyber security products, as well as vital components for heat pumps, cooling machines and high-tech manufacturing.

Delays may be due to a shortage of independent experts to conduct the assessments and red tape, the companies said.

“We risk creating a Covid-style blockage in European supply chains, disrupting the single market and harming our competitiveness,” the companies said.

Other signatories to the letter include the CEOs of Nokia, Robert Bosch GmbH and Slovakian software company ESET.

The companies said the list of higher-risk products subject to the rule should be significantly scaled back and that manufacturers should be allowed to fix known vulnerability risks rather than first conducting assessments.

They also want more flexibility to self-assess cyber security risks.

The letter comes ahead of November 8 negotiations between EU countries and EU lawmakers to thrash out the details of the draft law before it can be adopted.


