Connected objects regularly ship with security flaws, and those flaws can become a vector for cyberattacks. To address this, the European Commission is proposing a new regulatory framework intended to raise the level of security in the IoT.
A new regulatory framework for connected objects
The European Commission is proposing that the European Parliament adopt a new regulation covering connected objects "with digital elements", defined as software or hardware, as well as their remote data processing solutions. The objective is clear: strengthen the level of security of connected objects. Manufacturers of IoT products will therefore have to comply with new European design, development and production requirements before a device is placed on the market.
According to the proposed law, obligations will be imposed on the various economic operators, from manufacturers to importers and distributors, with regard to placing connected objects on the market, "according to their role and responsibilities in the supply chain". The list of requirements includes an appropriate level of cybersecurity, a prohibition on releasing products with known exploitable vulnerabilities, protection against unauthorized access, limiting attack surfaces and minimizing the impact of security incidents.
The European Commission wants more security in the IoT
As the European Commission reminds us with this text, people are not the only weak link in cybersecurity: connected objects are themselves vulnerable to cyberattacks. Under the proposed regulatory framework, connected objects must "guarantee data confidentiality", in particular by using encryption, protect the integrity of their data, and process only the data strictly necessary for their operation (data minimization). The Commission also wants to draw up a list of critical products presenting a higher risk.
These critical products will be divided into two classes, with a specific conformity assessment process for each class. The companies concerned will have to obtain compulsory certification attesting that their products meet the new European cybersecurity requirements. According to the text, those who do not respect the rules will be "liable to a fine of up to €15 million or 2.5% of the worldwide turnover of the previous year".