Why Are Major Technology Companies Opposing The EU’s Proposed Cyber Resilience Act?

Smart devices have engulfed our lives, right? From phones to fridges to cars to bulbs, objects all around us are getting connected to the internet.

Having a connected world has its advantages, which come in the form of ease of use, faster operation and a shared environment that enables people to set up their devices, objects, electricals and essentially their world in the way they’d like it.

However, this does come at a cost, particularly one that could hurt companies and individuals. The name of that cost? Cybercriminals!

Bad actors can gain undue advantage and take control of these objects and render them useless. On the flip side, they could gain unauthorized access to organization data and demand money in exchange. The name of that threat? Ransomware.

Taking note of this, the European Union has proposed new laws to combat such cyber risks.
 

What Laws Did The European Union Propose?

 

• According to an announcement made by the European Union in September 2022, the Cyber Resilience Act would require smart devices connected to the internet to be assessed for cybersecurity risks and appropriate measures taken to fix identified problems for a span of 5 years or the expected life of the products.

• Failing to do so would result in a fine of 15 million euros ($15 million) or up to 2.5% of the company’s total global turnover.

• The move came amidst a series of major ransomware incidents and rising cyberattacks that highlighted vulnerabilities in software, network equipment and operating systems.

• According to the EU, complying to the requirements could see companies save up to 290 billion euros annually in cyber incidents instead of facing non-compliance costs of about 29 billion euros.

Cut to the present, where many big companies and organizations are warning the EU of potential problems resulting from the proposed laws, which could result in harmful outcomes.

 

What Did Industry Giants Say About The Move?

 

• Electronics manufacturers Ericsson, Siemens, Schnieder Electric, Nokia, Robert Bosch and ESET, as well as industry group DigitalEurope believe the new set of laws proposed by the EU could disrupt supply chains, similar to what it was during the pandemic.

• The concerns grew deeper as the proposed rules would apply to importers and distributors of such devices.

• Writing to the EU Industry Chief Thierry Breton and EU Digital Chief Vera Jourova, the chief executives of the companies mentioned in a joint letter, “The law as it stands risks creating bottlenecks that will disrupt the single market.”

• They further said, “We risk creating a COVID-style blockage in European supply chains, disrupting the single market and harming our competitiveness.”

• According to the companies, millions of products could face the brunt of disruptions. These products include washing machines, toys, heat pumps, cooling machines and high-tech manufacturing.

• They believe the shortage of independent assessment experts could lead to delays.

• Furthermore, they suggested that manufacturers should focus on fixing known vulnerabilities before conducting assessments. Additionally, higher-risk products on the list should be scaled back.

• The companies also asked for more flexibility to self-assess cyber risks.

EU lawmakers and EU countries are set to negotiate on the terms of the proposed draft on November 8, before it can be adopted into laws.

Do you think tech companies will make strong points in their letter before the meeting? Do you think companies should be subject to the more robust cybersecurity laws than EU’s proposed rules?

Let us know in the comments below!